Wireshark-users: Re: [Wireshark-users] Seeking help debugging ethernet Invalid length/type 0x05e4

From: Richard Brodie <leogah@xxxxxxxxxxx>
Date: Fri, 10 Jan 2014 23:04:55 +0000
Stephen Nesbitt <snesbitt@xxxxxxxxxxxxxxxxxxxx> wrote:

> I'm seeing in Wireshark...
> 2471 145.246787000 Rosewill_XXXX Netgear_XXXX Ethernet 1522
> Ethernet Unknown: Invalid length/type: 0x05e4 (1508)

OK, this is a bit wierd. The packet is a little bit oversized but has nothing like a VLAN tag to explain why.

> So, do I need to try to fix this?

That depends on your motivation. From a practical point of view, a few packets a second that probably nothing on your network can make sense of, is unlikely to cause a problem of itself. Mentally filing it as wierd but probably unimportant is fairly reasonable. I figure it's worth seeing these things on a baseline look at the network, then you don't get distracted by them when troubleshooting a genuine problem.

On, the other hand, if it was me, I would be curious, if I could spare the time.

> And if so, where should I start.

Well, you have a source Mac address, so you know (or can find out) the box that is sending it. Maybe then look at firmware updates & release notes, or the manufacturer site. Is the destination multicast, or directed to one of the other systems on your network? If the latter, why those two? Any sort of VPN like connection between them?

>The packet data just looks like gibberish to me.

Well, maybe some more eyes might help, if it's some odd encapsulation, and the fields are shifted around a bit. However, you understandably might not want to do that.

Richard Brodie.