https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2726
--- Comment #1 from Guy Harris <guy@xxxxxxxxxxxx> 2008-07-18 12:41:34 PDT ---
Not all Ethernet packets *have* a length field. The Ethernet header has a
6-octet destination address, a 6-octet source address, and a 2-octet
type/length field. If the type/length field has a value <= 1500, it's a length
field; if it has a value >= 1536, it's a type field. (It's presumably invalid
if it has a value in the range 1501 through 1535.)
Almost all Ethernet packets have a type field; the main exceptions I know of
are:
NetBEUI Framing protocol packets (rarely seen these days - the main
NetBIOS-based application is SMB, and it usually uses NetBIOS-over-TCP or
direct SMB-over-TCP);
NetWare packets with non-"Ethernet II" encapsulation;
possibly some OSI and SNA protocols;
various protocols that don't have an Ethernet type but *do* have an
OUI/protocol ID pair and that thus require a SNAP header.
It might be that you have so little traffic on your network with a length field
that "eth.len" matches few if any packets.
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.