Wireshark mailing list archives

Re: Seeking help debugging ethernet Invalid length/type 0x05e4

From: Stephen Nesbitt <snesbitt () aussieswithtails com>
Date: Fri, 10 Jan 2014 16:58:22 -0800

Richard:

Thanks for the info.

Right now I'm suspecting either a ath9k driver issue or a firmware issue.   
ath9k. Replaced that card with a different card using a RealTek driver and the 
problem seems to have disappeared.

Thanks again,

-steve

On Friday, January 10, 2014 11:04:55 PM Richard Brodie wrote:

Stephen Nesbitt <snesbitt () aussieswithtails com> wrote:
 > I'm seeing in Wireshark...
 > 2471 145.246787000 Rosewill_XXXX Netgear_XXXX Ethernet 1522
 > Ethernet Unknown: Invalid length/type: 0x05e4 (1508)

OK, this is a bit wierd. The packet is a little bit oversized but has
nothing like a VLAN tag to explain why.

 > So, do I need to try to fix this?

  That depends on your motivation. From a practical point of view, a few
packets a second that probably nothing on your network can make sense
of, is unlikely to cause a problem of itself. Mentally filing it as
wierd but probably unimportant is fairly reasonable. I figure it's worth
seeing these things on a baseline look at the network, then you don't
get distracted by them when troubleshooting a genuine problem.

On, the other hand, if it was me, I would be curious, if I could spare
the time.

 > And if so, where should I start.

Well, you have a source Mac address, so you know (or can find out) the
box that is sending it. Maybe then look at firmware updates & release
notes, or the manufacturer site. Is the destination multicast, or
directed to one of the other systems on your network? If the latter, why
those two? Any sort of VPN like connection between them?

 >The packet data just looks like gibberish to me.

Well, maybe some more eyes might help, if it's some odd encapsulation,
and the fields are shifted around a bit. However, you understandably
might not want to do that.

Richard Brodie.
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users

mailto:wireshark-users-request () wireshark org?subject=unsubscribe


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe

Current thread:

Seeking help debugging ethernet Invalid length/type 0x05e4 Stephen Nesbitt (Jan 09)
- Re: Seeking help debugging ethernet Invalid length/type 0x05e4 Stuart Kendrick (Jan 10)
- <Possible follow-ups>
- Re: Seeking help debugging ethernet Invalid length/type 0x05e4 Richard Brodie (Jan 10)
  - Re: Seeking help debugging ethernet Invalid length/type 0x05e4 Stephen Nesbitt (Jan 10)