I've been trying to troubleshoot some packets I see on our network.
What I have noticed is that every time there is a problem, there is this UnknownData tag associated with the Ethernet frame.
Could that be because of a problem in my NPL parser or is this typical of some kind of NIC issue?
Note that this was captured on a virtual machine.
Frame: Number = 33228, Captured Frame Length = 102, MediaType = ETHERNET
- Ethernet: Etype = Internet IP (IPv4),DestinationAddress:[00-0C-29-FA-F2-86],SourceAddress:[00-0F-F7-B0-51-00]
- DestinationAddress: VMware, Inc. FAF286 [00-0C-29-FA-F2-86]
IG: (0.......) Individual address
UL: (.0......) Universally Administered Address
- SourceAddress: Cisco Systems B05100 [00-0F-F7-B0-51-00]
UL: .0...... Universally Administered Address
EthernetType: Internet IP (IPv4), 2048(0x800)
UnknownData: Binary Large Object (45 Bytes)
It may be a parser issue, or it is just some uninitialized buffer. Can you please show me some more details of the upper-level protocols, including IP, TCP, etc., for me to better understand what's happening?