Frame Size and Wireshark

Phil Morgan • January 24, 2025

Frame Size and Wireshark


This blog is a write up of what was discussed at our first AMA session:

https://www.youtube.com/watch?v=TM70jXEsFsk


In Wireshark, when you look at the frame sizes, by viewing the “Length” field, it reports a number to you. This is the frame length. You can view this by looking under the Frame section of Wireshark.

You can of course add this as a column in Wireshark.

Well, it’s lying to you. Everyone knows that ACKs are 14 Bytes, not 70!


What? Why? How?...


Well, this is actually quite simple. Wireshark is reporting the size of the frame, INCLUDING the radiotap header.


The radiotap header is added by the capturing device, and it gives you all sort of information about the frame when it was captured.


Different capturing devices, and software, do this differently. While there are standard formats for storing this information, different applications will do this differently. Also, it depends on which protocol you are capturing. So, essentially, different protocols have different frame sizes based on information that different applications store!!!


So, a capture made with one capturing device, may use different frame sizes than a capture made on a different tool. Also, these numbers depend on what protocol is being captured 802.11n, ac, ax, or be, etc.


This number is essentially the frame size in the pcap file, including the radiotap header.


Can you turn this off, or adjust it?


Simple answer: NO!


However, there is a little trick you can do, and that is to display the radiotap header size next to the length.


Simply add the Radiotap Header > Header Length as a column, and you can see what you need to see!


Then you can do a quick math sum, and work out the real size of the frame!

70-56 = 14 just like it should be!

See you next time!

===

About NC-Expert

NC-Expert is a privately-held California corporation and is well established within the Wireless, Security, and Collaboration industry certification training, courseware development, and consulting markets.

Led by its Founder and CEO, Rie Vainstein, NC-Expert has won numerous private contracts with Fortune level companies around the world. These customers have depended on NC-Expert to train, advise, and mentor their staff.

So remember, if you are looking for the best IT training just call us at (855) 941-2121 or contact us

NC-Expert Blog

By Phil Morgan March 13, 2025
Troubleshooting Wireless Networks with Ekahau: A Professional Engineer’s Guide Wireless networks have become the backbone of modern business infrastructure. From office environments to large-scale enterprises, ensuring a seamless wireless experience is essential for productivity. However, despite advancements in Wi-Fi technology, network performance issues often arise, ranging from signal interference and dead zones to capacity overloads and channel mismanagement. To tackle these issues efficiently, professional engineers rely on powerful tools. One such tool, Ekahau AI Pro, has become a gold standard in the wireless industry for troubleshooting and optimizing Wi-Fi networks. This blog delves into troubleshooting wireless networks using Ekahau tools, providing practical examples and technical insights to guide professional engineers in improving network performance.
By Rie Vainstein March 3, 2025
Futureproofing Our Security In our increasingly connected world, the security of digital information has never been more critical. From banking transactions to private communications, our data is constantly transmitted and stored across the internet. The current systems that protect this data rely on cryptography, a branch of mathematics that helps keep information secure by encoding it in ways that are difficult to decode without the proper key. However, with the rise of quantum computers, traditional cryptography is facing new and significant threats. This is where Post-Quantum Cryptography comes into play. What is Post-Quantum Cryptography? Post-Quantum Cryptography (PQC) [1] refers to cryptographic algorithms that are specifically designed to be secure against the power of quantum computers. Quantum computers, once they become practical, will be capable of solving complex mathematical problems much faster than classical computers. This will render many of the encryption methods we rely on today [such as RSA (Rivest, Shamir, and Adleman – initials of the inventors) and ECC (Elliptic Curve Cryptography)] vulnerable to attack. Quantum computers operate on quantum bits, or “qubits”, which can exist in multiple states simultaneously, unlike classical bits that are either a zer (0) or one (1). This allows quantum computers to perform certain calculations exponentially faster than classical computers. For example, in a matter of seconds, a quantum computer could potentially break an RSA key, which is considered secure by today’s standards. As quantum computing technology advances, the need for PQC becomes even more urgent.
By Phil Morgan February 27, 2025
Designing a Wi-Fi Network This is the first in a series of blogs on Wi-Fi operation, design, and troubleshooting. Designing a Wi-Fi network is much easier if you have the right procedures and tools in place. First you must collect data about the network: What are the requirements of the network? What is the goal of the new network? What is it meant to achieve? Are there any constraints you have to overcome? Next you have to decide what wireless vendor is being used? One of the most important things to get is an accurate map (or plan) of the site and the various floors.
Share by: