Wireshark-users: Re: [Wireshark-users] Seeking help debugging ethernet Invalid length/type 0x05e4

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Stephen Nesbitt <snesbitt@xxxxxxxxxxxxxxxxxxxx>
Date: Fri, 10 Jan 2014 16:58:22 -0800
Richard:

Thanks for the info.

Right now I'm suspecting either a ath9k driver issue or a firmware issue.   
ath9k. Replaced that card with a different card using a RealTek driver and the 
problem seems to have disappeared.

Thanks again,

-steve

On Friday, January 10, 2014 11:04:55 PM Richard Brodie wrote:
> Stephen Nesbitt <snesbitt@xxxxxxxxxxxxxxxxxxxx> wrote:
>  > I'm seeing in Wireshark...
>  > 2471 145.246787000 Rosewill_XXXX Netgear_XXXX Ethernet 1522
>  > Ethernet Unknown: Invalid length/type: 0x05e4 (1508)
> 
> OK, this is a bit wierd. The packet is a little bit oversized but has
> nothing like a VLAN tag to explain why.
> 
>  > So, do I need to try to fix this?
> 
>   That depends on your motivation. From a practical point of view, a few
> packets a second that probably nothing on your network can make sense
> of, is unlikely to cause a problem of itself. Mentally filing it as
> wierd but probably unimportant is fairly reasonable. I figure it's worth
> seeing these things on a baseline look at the network, then you don't
> get distracted by them when troubleshooting a genuine problem.
> 
> On, the other hand, if it was me, I would be curious, if I could spare
> the time.
> 
>  > And if so, where should I start.
> 
> Well, you have a source Mac address, so you know (or can find out) the
> box that is sending it. Maybe then look at firmware updates & release
> notes, or the manufacturer site. Is the destination multicast, or
> directed to one of the other systems on your network? If the latter, why
> those two? Any sort of VPN like connection between them?
> 
>  >The packet data just looks like gibberish to me.
> 
> Well, maybe some more eyes might help, if it's some odd encapsulation,
> and the fields are shifted around a bit. However, you understandably
> might not want to do that.
> 
> Richard Brodie.
> ___________________________________________________________________________
> Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
> Archives:    http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>             
> mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe