Frame Size and Wireshark

Phil Morgan • January 24, 2025

Frame Size and Wireshark


This blog is a write up of what was discussed at our first AMA session:

https://www.youtube.com/watch?v=TM70jXEsFsk


In Wireshark, when you look at the frame sizes, by viewing the “Length” field, it reports a number to you. This is the frame length. You can view this by looking under the Frame section of Wireshark.

You can of course add this as a column in Wireshark.

Well, it’s lying to you. Everyone knows that ACKs are 14 Bytes, not 70!


What? Why? How?...


Well, this is actually quite simple. Wireshark is reporting the size of the frame, INCLUDING the radiotap header.


The radiotap header is added by the capturing device, and it gives you all sort of information about the frame when it was captured.


Different capturing devices, and software, do this differently. While there are standard formats for storing this information, different applications will do this differently. Also, it depends on which protocol you are capturing. So, essentially, different protocols have different frame sizes based on information that different applications store!!!


So, a capture made with one capturing device, may use different frame sizes than a capture made on a different tool. Also, these numbers depend on what protocol is being captured 802.11n, ac, ax, or be, etc.


This number is essentially the frame size in the pcap file, including the radiotap header.


Can you turn this off, or adjust it?


Simple answer: NO!


However, there is a little trick you can do, and that is to display the radiotap header size next to the length.


Simply add the Radiotap Header > Header Length as a column, and you can see what you need to see!


Then you can do a quick math sum, and work out the real size of the frame!

70-56 = 14 just like it should be!

See you next time!

===

About NC-Expert

NC-Expert is a privately-held California corporation and is well established within the Wireless, Security, and Collaboration industry certification training, courseware development, and consulting markets.

Led by its Founder and CEO, Rie Vainstein, NC-Expert has won numerous private contracts with Fortune level companies around the world. These customers have depended on NC-Expert to train, advise, and mentor their staff.

So remember, if you are looking for the best IT training just call us at (855) 941-2121 or contact us

NC-Expert Blog

The Realities of Transition Mode

By Phil Morgan February 11, 2025
The Grim Realities of Transition Mode Summary of a recent experience relating to Transition Mode. I have been quite vocal of my hatred of Transition Mode (for WPA3). We have a solution for this - dual SSIDs: https://wifisecuritywizard.com/general/problems-with-wpa3/ IMHO - Transition Mode is dumb! Turn on WPA3, and for everything that doesn’t support it, create a second SSID for now... while you upgrade everything! I have actually said “it’s 2025 for goodness sake, how many devices do you have that don’t do WPA3?!” Well, the other day, the universe decided to mess with me... Scenario: in one of our smaller offices, we are upgrading to Ubiquiti. I arrive on site, I upgrade the system, 5GHz only WPA3, everything is working great! I do one last check, and one of the users mentions, “Oh, the Brother color laser printer isn’t working.” (It’s a nice little device. Prints really well. Cheap to run.)

The Importance of Training for IT Industry Certifications

By Rie Vainstein January 18, 2025
An Important Task The IT industry is one of the most competitive and dynamic sectors in today’s swiftly evolving technology landscape. Whether you are a seasoned professional seeking to advance your career, or a newcomer seeking to enter into the field, obtaining IT certifications can have a substantial impact on your trajectory. However, earning certifications is not just about passing exams, an important factor is the study and practice that goes into getting ready to sit the exam. Training for IT industry certifications is a critical investment, offering both technical and professional benefits that can pay dividends throughout your career. Enhancing Technical Expertise At its core, IT certification training is designed to deepen your understanding of critical technologies and concepts. Whether it's network administration, design, cybersecurity, or analysis and optimization, each certification offers an opportunity to master a specialized area within the IT environment. By engaging in structured training programs, you not only learn the theoretical aspects of a technology but also gain hands-on experience in applying it to real-world scenarios. For example, pursuing certifications like CWNP’s Certified Wireless Network Administrator (CWNA), CompTIA’s Network+, or Cisco’s Certified Network Associate (CCNA) requires you to develop a solid foundation in network management, administration, and troubleshooting. This level of expertise is often beyond what you would learn on the job without formal training, giving you the ability to perform tasks more efficiently and with greater confidence.

Why ILT is Better Than Self-Study for IT Professionals

By Rie Vainstein December 20, 2024
In the IT profession, which is better: self-study or instructor-led training? You’d likely answer that self-study is cheaper... but, in the long run, is it? This blog compares the benefits and costs of deciding on a path to learning.
Share by: