This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

TCP data size < size(IP Packet) - size(IP Header) - size(TCP Header) ???

0

I use a java socket API to send data over TCP network. Recently I've got a strange bug: I'm sending 45 bytes into socket stream, but reciver gots only 42 of them. Looking through a tcpdump I see that the data section 42 bytes, although IP Packet size - IP Header size - TCP Header = 45! (see the image alt text) How it's possible?

asked 19 Mar '14, 09:01

Andrey%20Tolmachev's gravatar image

Andrey Tolma...
1111
accept rate: 0%


One Answer:

4

Look at the line for the frame in the packet details:

Frame 1: 99 bytes on wire (792 bits), 96 bytes captured (768 bits)

Your capture is probably set to only grab 96 bytes.

answered 19 Mar '14, 09:03

grahamb's gravatar image

grahamb ♦
19.8k330206
accept rate: 22%

and it's a good thing the IP total length is not adjusted accordingly, or the TCP expert would go crazy over missing sequence numbers :-)

(19 Mar '14, 12:24) Jasper ♦♦

@Andrey If you want to capture the entire packet with tcpdump use the -s 0 option.

(19 Mar '14, 13:12) Roland