Wireshark-users: Re: [Wireshark-users] "strange" Fragmented ip packet

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Fri, 11 Apr 2008 12:50:38 -0700
Velissarios Lataris wrote:

In a series of ftp data (over a wireless link and using the huawei e220 device)

So presumably that device looks like an Ethernet to the operating system. Are you capturing traffic to and from the machine on which you're running Wireshark? If so, what OS are you running on that machine?

Could it be that I captured something that wasn't meant for me due to bad radio conditions?

Yes, that could be the problem, although I'd *expect* that if the packet weren't received correctly some checksum/CRC at the GPRS, EDGE, or UMTS layer would catch that, and the E220 wouldn't have supplied the packet to the host in the first place.

Why are its fields so messed up?

If the packet wasn't received correctly over the air, that could cause some fields to have the wrong values - but the Ethernet protocol type field isn't messed up, which is a bit strange. It might be that the adapter or the driver is constructing a fake Ethernet field, and is assuming that *all* traffic is IP traffic, which might explain why the Ethernet protocol type field is valid.
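Added example, not part of the original message: a Python check for the situation discussed above, where the EtherType says IPv4 but the IP header fields behind it do not hold together. The sample frames, addresses and the function names `check_frame` and `build_sample` are constructed for illustration.

```python
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum; 0 when run over a valid IPv4 header."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def check_frame(frame: bytes) -> list:
    """List the IPv4 header inconsistencies in an Ethernet II frame."""
    if len(frame) < 14 + 20:
        return ["frame too short for Ethernet + IPv4 headers"]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != 0x0800:
        return [f"EtherType 0x{ethertype:04x} is not IPv4"]
    ip = frame[14:]
    version, ihl = ip[0] >> 4, (ip[0] & 0x0F) * 4
    problems = []
    if version != 4:
        problems.append(f"IP version is {version}, expected 4")
    if ihl < 20 or ihl > len(ip):
        return problems + [f"header length {ihl} is invalid"]
    total_len, _ident, flags_frag = struct.unpack("!HHH", ip[2:8])
    if total_len < ihl or total_len > len(ip):
        problems.append(f"total length {total_len} does not fit {len(ip)} captured bytes")
    if flags_frag & 0x8000:
        problems.append("reserved flag bit is set")
    if inet_checksum(ip[:ihl]) != 0:
        problems.append("header checksum does not verify")
    return problems

def build_sample(corrupt: bool) -> bytes:
    """Constructed frame: first fragment (MF set) of a TCP datagram, 8 payload bytes."""
    eth = bytes.fromhex("020000000001" "020000000002" "0800")
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0x1234, 0x2000, 64, 6, 0,
                      bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    hdr = hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:]
    if corrupt:  # damage length, ID and flags after the checksum was computed
        hdr = hdr[:2] + bytes.fromhex("ffffabcde000") + hdr[8:]
    return eth + hdr + b"FTPDATA!"

if __name__ == "__main__":
    for label, frame in (("clean", build_sample(False)), ("damaged", build_sample(True))):
        print(label, check_frame(frame) or "consistent")
```

A checksum failure on its own, for packets sent by the capturing host, can simply be checksum offload; several header fields failing together on a received packet is what points at damaged data behind a valid-looking Ethernet header.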