Stephen Nesbitt <snesbitt@xxxxxxxxxxxxxxxxxxxx> wrote:
> I'm seeing in Wireshark...
> 2471 145.246787000 Rosewill_XXXX Netgear_XXXX Ethernet 1522
> Ethernet Unknown: Invalid length/type: 0x05e4 (1508)
OK, this is a bit wierd. The packet is a little bit oversized but has
nothing like a VLAN tag to explain why.
> So, do I need to try to fix this?
That depends on your motivation. From a practical point of view, a few
packets a second that probably nothing on your network can make sense
of, is unlikely to cause a problem of itself. Mentally filing it as
wierd but probably unimportant is fairly reasonable. I figure it's worth
seeing these things on a baseline look at the network, then you don't
get distracted by them when troubleshooting a genuine problem.
On, the other hand, if it was me, I would be curious, if I could spare
the time.
> And if so, where should I start.
Well, you have a source Mac address, so you know (or can find out) the
box that is sending it. Maybe then look at firmware updates & release
notes, or the manufacturer site. Is the destination multicast, or
directed to one of the other systems on your network? If the latter, why
those two? Any sort of VPN like connection between them?
>The packet data just looks like gibberish to me.
Well, maybe some more eyes might help, if it's some odd encapsulation,
and the fields are shifted around a bit. However, you understandably
might not want to do that.
Richard Brodie.