milton wrote:
I use ethereal to capture the arp and icmp packets by pinging ethernet
lan computer from my host.
To my surprise,the length of arp request is 42bytes without
padding,while the length of arp reply packet is 60 bytes with 18 bytes
padding.
You're running Ethereal on the machine sending the ARP requests, right?
If so, then Ethereal is capturing the ARP requests *before* they're
transmitted on the Ethernet - most if not all Ethernet adapters don't
receive packets they're transmitting, so, in order to capture them, the
OS has to take the packets before they're transmitted and hand it to the
program doing the capturing.
The padding is added *after* that's done, so you won't see padding on
packets being sent by the machine doing the capturing.
The ARP replies are received by your machine, so they've been
transmitted on the Ethernet and have had padding added.
Both the icmp request and reply packets have 74 bytes length with padding.
A 74-byte-long packet probably has no padding - an Ethernet packet only
needs to be padded to 60 bytes of Ethernet header plus payload (64 bytes
if you also include the FCS). The 74 bytes is probably 14 bytes of
Ethernet header, 20 bytes of IP header, 8 bytes of ICMP header, and 32
bytes of echo payload.
If it's not padded, it'll be the same size before and after it's
transmitted.