Wireshark · Wireshark-users: Re: [Wireshark-users] Ping data size

Wireshark-users: Re: [Wireshark-users] Ping data size
From: "RUOFF LARS" <Lars.Ruoff@xxxxxxxxxxxxxxxxx>
Date: Tue, 24 Mar 2009 16:17:55 +0100
The solution to the mystery is in frame 14!
http://en.wikipedia.org/wiki/IP_fragmentation
 
regards,
Lars
 



________________________________

	From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Gustavo Vera
Heredia
	Sent: mardi 24 mars 2009 16:01
	To: wireshark-users@xxxxxxxxxxxxx
	Subject: [Wireshark-users] Ping data size
	
	
	Hi all members,
	
	I wonder if you could explain me why this happens: I ping from
one computer to another one in my network. My ping data size is 2000
bytes but I see that the frames containing the ping request and reply
have only 562 bytes, why not 2000??. Why is that? 
	
	This is what I can see:
	
	Frame 13 (562 bytes on wire, 562 bytes captured)
	Ethernet II, Src: RealtekS_a5:9e:59 (00:e0:4c:a5:9e:59), Dst:
RealtekS_a3:41:b2 (00:e0:4c:a3:41:b2)
	Destination: RealtekS_a3:41:b2 (00:e0:4c:a3:41:b2)
	Source: RealtekS_a5:9e:59 (00:e0:4c:a5:9e:59)
	Type: IP (0x0800)
	Internet Protocol, Src: 10.24.4.13 (10.24.4.13), Dst: 10.24.4.16
(10.24.4.16)
	Internet Control Message Protocol
	Type: 8 (Echo (ping) request)
	Code: 0 
	Checksum: 0xb577 [correct]
	Identifier: 0x0200
	Sequence number: 0xc400
	Data (2000 bytes)
	Frame (562 bytes):
	
	Frame 14 (1514 bytes on wire, 1514 bytes captured)
	Ethernet II, Src: RealtekS_a3:41:b2 (00:e0:4c:a3:41:b2), Dst:
RealtekS_a5:9e:59 (00:e0:4c:a5:9e:59)
	Destination: RealtekS_a5:9e:59 (00:e0:4c:a5:9e:59)
	Source: RealtekS_a3:41:b2 (00:e0:4c:a3:41:b2)
	Type: IP (0x0800)
	Internet Protocol, Src: 10.24.4.16 (10.24.4.16), Dst: 10.24.4.13
(10.24.4.13)
	Data (1480 bytes)
	
	Frame 15 (562 bytes on wire, 562 bytes captured)
	Ethernet II, Src: RealtekS_a3:41:b2 (00:e0:4c:a3:41:b2), Dst:
RealtekS_a5:9e:59 (00:e0:4c:a5:9e:59)
	Destination: RealtekS_a5:9e:59 (00:e0:4c:a5:9e:59)
	Source: RealtekS_a3:41:b2 (00:e0:4c:a3:41:b2)
	Type: IP (0x0800)
	Internet Protocol, Src: 10.24.4.16 (10.24.4.16), Dst: 10.24.4.13
(10.24.4.13)
	Internet Control Message Protocol
	Type: 0 (Echo (ping) reply)
	Code: 0 
	Checksum: 0xbd77 [correct]
	Identifier: 0x0200
	Sequence number: 0xc400
	Data (2000 bytes)
	Frame (562 bytes):
	 
	(following frames)
	 
	Frame 16 (60 bytes on wire, 60 bytes captured)
	IEEE 802.3 Ethernet 
	Logical-Link Control
	Spanning Tree Protocol
	...
	
	 
	No.     Time        Source                Destination
Protocol Info
	     17 2.759099    RealtekS_a3:41:b3     Broadcast
ARP      Who has 10.24.4.62?  Tell 10.24.4.11
	Frame 17 (60 bytes on wire, 60 bytes captured)
	Ethernet II, Src: RealtekS_a3:41:b3 (00:e0:4c:a3:41:b3), Dst:
Broadcast (ff:ff:ff:ff:ff:ff)
	    Destination: Broadcast (ff:ff:ff:ff:ff:ff)
	    Source: RealtekS_a3:41:b3 (00:e0:4c:a3:41:b3)
	    Type: ARP (0x0806)
	    Trailer: 839501100001000000000000204641464B46
	Address Resolution Protocol (request)
	    Hardware type: Ethernet (0x0001)
	    Protocol type: IP (0x0800)
	    Hardware size: 6
	    Protocol size: 4
	    Opcode: request (0x0001)
	    Sender MAC address: RealtekS_a3:41:b3 (00:e0:4c:a3:41:b3)
	    Sender IP address: 10.24.4.11 (10.24.4.11)
	    Target MAC address: 00:00:00_00:00:00 (00:00:00:00:00:00)
	    Target IP address: 10.24.4.62 (10.24.4.62)
	 
	 
	No.     Time        Source                Destination
Protocol Info
	     18 2.842990    RealtekS_a4:d4:10     Broadcast
ARP      Who has 10.24.4.62?  Tell 10.24.4.14
	Frame 18 (60 bytes on wire, 60 bytes captured)
	Ethernet II, Src: RealtekS_a4:d4:10 (00:e0:4c:a4:d4:10), Dst:
Broadcast (ff:ff:ff:ff:ff:ff)
	    Destination: Broadcast (ff:ff:ff:ff:ff:ff)
	    Source: RealtekS_a4:d4:10 (00:e0:4c:a4:d4:10)
	    Type: ARP (0x0806)
	    Trailer: 80D201100001000000000000204646444444
	Address Resolution Protocol (request)
	    Hardware type: Ethernet (0x0001)
	    Protocol type: IP (0x0800)
	    Hardware size: 6
	    Protocol size: 4
	    Opcode: request (0x0001)
	    Sender MAC address: RealtekS_a4:d4:10 (00:e0:4c:a4:d4:10)
	    Sender IP address: 10.24.4.14 (10.24.4.14)
	    Target MAC address: 00:00:00_00:00:00 (00:00:00:00:00:00)
	    Target IP address: 10.24.4.62 (10.24.4.62)
	 

	No.     Time        Source                Destination
Protocol Info
	     19 2.931289    RealtekS_a5:9e:5d     Broadcast
ARP      Who has 10.24.4.62?  Tell 10.24.4.17
	Frame 19 (60 bytes on wire, 60 bytes captured)
	Ethernet II, Src: RealtekS_a5:9e:5d (00:e0:4c:a5:9e:5d), Dst:
Broadcast (ff:ff:ff:ff:ff:ff)
	    Destination: Broadcast (ff:ff:ff:ff:ff:ff)
	    Source: RealtekS_a5:9e:5d (00:e0:4c:a5:9e:5d)
	    Type: ARP (0x0806)
	    Trailer: 81A701100001000000000000204646444444
	Address Resolution Protocol (request)
	    Hardware type: Ethernet (0x0001)
	    Protocol type: IP (0x0800)
	    Hardware size: 6
	    Protocol size: 4
	    Opcode: request (0x0001)
	    Sender MAC address: RealtekS_a5:9e:5d (00:e0:4c:a5:9e:5d)
	    Sender IP address: 10.24.4.17 (10.24.4.17)
	    Target MAC address: 00:00:00_00:00:00 (00:00:00:00:00:00)
	    Target IP address: 10.24.4.62 (10.24.4.62)

	 
	 
	No.     Time        Source                Destination
Protocol Info
	     20 3.045996    RealtekS_a4:d2:ff     Broadcast
ARP      Who has 10.24.4.62?  Tell 10.24.4.10
	Frame 20 (60 bytes on wire, 60 bytes captured)
	Ethernet II, Src: RealtekS_a4:d2:ff (00:e0:4c:a4:d2:ff), Dst:
Broadcast (ff:ff:ff:ff:ff:ff)
	    Destination: Broadcast (ff:ff:ff:ff:ff:ff)
	    Source: RealtekS_a4:d2:ff (00:e0:4c:a4:d2:ff)
	    Type: ARP (0x0806)
	    Trailer: 3C016A105018FAB47DF8000085000000FF53
	Address Resolution Protocol (request)
	    Hardware type: Ethernet (0x0001)
	    Protocol type: IP (0x0800)
	    Hardware size: 6
	    Protocol size: 4
	    Opcode: request (0x0001)
	    Sender MAC address: RealtekS_a4:d2:ff (00:e0:4c:a4:d2:ff)
	    Sender IP address: 10.24.4.10 (10.24.4.10)
	    Target MAC address: 00:00:00_00:00:00 (00:00:00:00:00:00)
	    Target IP address: 10.24.4.62 (10.24.4.62)
	..
	
	 
	No.     Time        Source                Destination
Protocol Info
	     21 3.100425    10.24.4.13            10.24.4.16
IP       Fragmented IP protocol (proto=ICMP 0x01, off=0) [Reassembled in
#22]
	Frame 21 (1514 bytes on wire, 1514 bytes captured)
	Ethernet II, Src: RealtekS_a5:9e:59 (00:e0:4c:a5:9e:59), Dst:
RealtekS_a3:41:b2 (00:e0:4c:a3:41:b2)
	    Destination: RealtekS_a3:41:b2 (00:e0:4c:a3:41:b2)
	    Source: RealtekS_a5:9e:59 (00:e0:4c:a5:9e:59)
	    Type: IP (0x0800)
	Internet Protocol, Src: 10.24.4.13 (10.24.4.13), Dst: 10.24.4.16
(10.24.4.16)
	Data (1480 bytes)
	
	 
	No.     Time        Source                Destination
Protocol Info
	     22 3.100451    10.24.4.13            10.24.4.16
ICMP     Echo (ping) request
	Frame 22 (562 bytes on wire, 562 bytes captured)
	Ethernet II, Src: RealtekS_a5:9e:59 (00:e0:4c:a5:9e:59), Dst:
RealtekS_a3:41:b2 (00:e0:4c:a3:41:b2)
	    Destination: RealtekS_a3:41:b2 (00:e0:4c:a3:41:b2)
	    Source: RealtekS_a5:9e:59 (00:e0:4c:a5:9e:59)
	    Type: IP (0x0800)
	Internet Protocol, Src: 10.24.4.13 (10.24.4.13), Dst: 10.24.4.16
(10.24.4.16)
	Internet Control Message Protocol
	    Type: 8 (Echo (ping) request)
	    Code: 0 
	    Checksum: 0xb477 [correct]
	    Identifier: 0x0200
	    Sequence number: 0xc500
	    Data (2000 bytes)
	Frame (562 bytes):
	...
	
	No.     Time        Source                Destination
Protocol Info
	  23 3.101207    10.24.4.16            10.24.4.13            IP
Fragmented IP protocol (proto=ICMP 0x01, off=0) [Reassembled in #24]
	Frame 23 (1514 bytes on wire, 1514 bytes captured)
	Ethernet II, Src: RealtekS_a3:41:b2 (00:e0:4c:a3:41:b2), Dst:
RealtekS_a5:9e:59 (00:e0:4c:a5:9e:59)
	    Destination: RealtekS_a5:9e:59 (00:e0:4c:a5:9e:59)
	    Source: RealtekS_a3:41:b2 (00:e0:4c:a3:41:b2)
	    Type: IP (0x0800)
	Internet Protocol, Src: 10.24.4.16 (10.24.4.16), Dst: 10.24.4.13
(10.24.4.13)
	Data (1480 bytes)
	 
	No.     Time        Source                Destination
Protocol Info
	     24 3.101222    10.24.4.16            10.24.4.13
ICMP     Echo (ping) reply
	Frame 24 (562 bytes on wire, 562 bytes captured)
	Ethernet II, Src: RealtekS_a3:41:b2 (00:e0:4c:a3:41:b2), Dst:
RealtekS_a5:9e:59 (00:e0:4c:a5:9e:59)
	    Destination: RealtekS_a5:9e:59 (00:e0:4c:a5:9e:59)
	    Source: RealtekS_a3:41:b2 (00:e0:4c:a3:41:b2)
	    Type: IP (0x0800)
	Internet Protocol, Src: 10.24.4.16 (10.24.4.16), Dst: 10.24.4.13
(10.24.4.13)
	Internet Control Message Protocol
	    Type: 0 (Echo (ping) reply)
	    Code: 0 
	    Checksum: 0xbc77 [correct]
	    Identifier: 0x0200
	    Sequence number: 0xc500
	    Data (2000 bytes)
	Frame (562 bytes):
	...
	No.     Time        Source                Destination
Protocol Info
	     25 3.760546    RealtekS_a3:41:b3     Broadcast
ARP      Who has 10.24.4.62?  Tell 10.24.4.11
	Frame 25 (60 bytes on wire, 60 bytes captured)
	Ethernet II, Src: RealtekS_a3:41:b3 (00:e0:4c:a3:41:b3), Dst:
Broadcast (ff:ff:ff:ff:ff:ff)
	    Destination: Broadcast (ff:ff:ff:ff:ff:ff)
	    Source: RealtekS_a3:41:b3 (00:e0:4c:a3:41:b3)
	    Type: ARP (0x0806)
	    Trailer: 6162636465666768696A6B6C6D6E6F707172
	Address Resolution Protocol (request)
	    Hardware type: Ethernet (0x0001)
	    Protocol type: IP (0x0800)
	    Hardware size: 6
	    Protocol size: 4
	    Opcode: request (0x0001)
	    Sender MAC address: RealtekS_a3:41:b3 (00:e0:4c:a3:41:b3)
	    Sender IP address: 10.24.4.11 (10.24.4.11)
	    Target MAC address: 00:00:00_00:00:00 (00:00:00:00:00:00)
	    Target IP address: 10.24.4.62 (10.24.4.62)
	 

	No.     Time        Source                Destination
Protocol Info
	     26 3.999347    RealtekS_c2:f4:69     Broadcast
ARP      Who has 10.23.3.62?  Tell 10.23.3.15
	Frame 26 (60 bytes on wire, 60 bytes captured)
	Ethernet II, Src: RealtekS_c2:f4:69 (00:e0:4c:c2:f4:69), Dst:
Broadcast (ff:ff:ff:ff:ff:ff)
	    Destination: Broadcast (ff:ff:ff:ff:ff:ff)
	    Source: RealtekS_c2:f4:69 (00:e0:4c:c2:f4:69)
	    Type: ARP (0x0806)
	    Trailer: 83F9AD86000000010000000020454D454245
	Address Resolution Protocol (request)
	    Hardware type: Ethernet (0x0001)
	    Protocol type: IP (0x0800)
	    Hardware size: 6
	    Protocol size: 4
	    Opcode: request (0x0001)
	    Sender MAC address: RealtekS_c2:f4:69 (00:e0:4c:c2:f4:69)
	    Sender IP address: 10.23.3.15 (10.23.3.15)
	    Target MAC address: 00:00:00_00:00:00 (00:00:00:00:00:00)
	    Target IP address: 10.23.3.62 (10.23.3.62)

	No.     Time        Source                Destination
Protocol Info
	     27 4.101803    10.24.4.13            10.24.4.16
IP       Fragmented IP protocol (proto=ICMP 0x01, off=0) [Reassembled in
#28]
	Frame 27 (1514 bytes on wire, 1514 bytes captured)
	Ethernet II, Src: RealtekS_a5:9e:59 (00:e0:4c:a5:9e:59), Dst:
RealtekS_a3:41:b2 (00:e0:4c:a3:41:b2)
	    Destination: RealtekS_a3:41:b2 (00:e0:4c:a3:41:b2)
	    Source: RealtekS_a5:9e:59 (00:e0:4c:a5:9e:59)
	    Type: IP (0x0800)
	Internet Protocol, Src: 10.24.4.13 (10.24.4.13), Dst: 10.24.4.16
(10.24.4.16)
	Data (1480 bytes)
	....
	No.     Time        Source                Destination
Protocol Info
	     28 4.101824    10.24.4.13            10.24.4.16
ICMP     Echo (ping) request
	Frame 28 (562 bytes on wire, 562 bytes captured)
	Ethernet II, Src: RealtekS_a5:9e:59 (00:e0:4c:a5:9e:59), Dst:
RealtekS_a3:41:b2 (00:e0:4c:a3:41:b2)
	    Destination: RealtekS_a3:41:b2 (00:e0:4c:a3:41:b2)
	    Source: RealtekS_a5:9e:59 (00:e0:4c:a5:9e:59)
	    Type: IP (0x0800)
	Internet Protocol, Src: 10.24.4.13 (10.24.4.13), Dst: 10.24.4.16
(10.24.4.16)
	Internet Control Message Protocol
	    Type: 8 (Echo (ping) request)
	    Code: 0 
	    Checksum: 0xb377 [correct]
	    Identifier: 0x0200
	    Sequence number: 0xc600
	    Data (2000 bytes)
	Frame (562 bytes):
	
	
	Thanks in advance!!!
References:
- [Wireshark-users] Ping data size
  - From: Gustavo Vera Heredia
Prev by Date: [Wireshark-users] Ping data size
Next by Date: Re: [Wireshark-users] Ping data size
Previous by thread: [Wireshark-users] Ping data size
Next by thread: Re: [Wireshark-users] Ping data size
Index(es):
- Date
- Thread