Hi, I have a trace that shows me a "Data protocol" as below. What is this? The application was just sending data through TCP, so why would an additional "Data Layer" be present? Is it a Wireshark behavior?
asked 16 Aug '14, 07:58 SteveZhou
One Answer:
Well, there should be something above TCP since TCP is a transport protocol and it is presumably transporting some sort of data. Of course the TCP packets with no data--such as connection establishment, connection teardown, and pure acknowledgment packets--won't have anything above TCP. However, when Wireshark identifies something as "Data," it really means "unidentified." Normally you should see the higher layer protocol listed: HTTP, SMTP, POP, Telnet, FTP, etc.
answered 16 Aug '14, 12:35 Jim Aragon
I.e., the data layer is showing the data being sent through TCP. That data isn't considered part of the TCP protocol, it's part of some other protocol and, in this case, Wireshark can't determine what that protocol is and hasn't been told by the user what protocol it is, so it just shows it as raw data.
thank you!
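The labelling behaviour described in this thread, as an added example that is not part of the original posts and not Wireshark's own code: a simplified model that splits a TCP segment at its header length and names whatever follows. The port table, the `decode_as` mapping (standing in for the user telling the tool which protocol it is) and the sample segments are all constructed assumptions.

```python
import struct

# Hypothetical port-to-protocol table (assumption; not Wireshark's dissector tables).
PORT_TABLE = {80: "HTTP", 25: "SMTP", 110: "POP", 23: "Telnet", 21: "FTP"}

def build_segment(sport, dport, flags, payload=b"", options=b""):
    """Build a constructed TCP segment for the demo (checksum left at 0)."""
    data_offset = (20 + len(options)) // 4          # header length in 32-bit words
    header = struct.pack("!HHIIBBHHH", sport, dport, 1, 1,
                         data_offset << 4, flags, 65535, 0, 0)
    return header + options + payload

def layer_above_tcp(segment, decode_as=None):
    """Return the label for the bytes after the TCP header, or None if there are none."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    sport, dport = struct.unpack("!HH", segment[:4])
    header_len = (segment[12] >> 4) * 4             # data offset covers options too
    if header_len < 20 or header_len > len(segment):
        raise ValueError("bad TCP data offset")
    payload = segment[header_len:]
    if not payload:
        return None                                 # SYN, FIN, pure ACK: nothing above TCP
    for table in (decode_as or {}, PORT_TABLE):     # a user-supplied mapping wins
        for port in (sport, dport):
            if port in table:
                return table[port]
    return "Data"                                   # payload present but unidentified

def demo():
    """Classify four constructed segments and return their labels."""
    mss_option = bytes([2, 4, 0x05, 0xB4])          # 4-byte MSS option on the SYN
    syn = build_segment(50000, 5000, 0x02, options=mss_option)
    ack = build_segment(50000, 5000, 0x10)
    http = build_segment(50000, 80, 0x18, b"GET / HTTP/1.1\r\n\r\n")
    custom = build_segment(50000, 5000, 0x18, b"\x01\x02app-bytes")
    return [layer_above_tcp(syn), layer_above_tcp(ack), layer_above_tcp(http),
            layer_above_tcp(custom), layer_above_tcp(custom, {5000: "MyProto"})]

if __name__ == "__main__":
    print(demo())
```

The function takes the TCP segment only; in a real capture the segment length has to come from the IP header, because Ethernet padding can follow a short packet.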