[General boards] [Fall 2018 courses] [Summer 2018 courses] [Winter 2018 courses] [Older or newer terms]

Overhead ratio - calculation of data length


For a given packet, if we have the onwire length and the captured length, would it be safe to assume the following:

packet data length = onwire length - captured length

Or do we need to manually go through each level of the layer hierarchy and extract out the header lengths and add them up to be used in our calculation?

The assignment says the following:

Note that for the size of a packet, you should check the header of the packet, because the payloads are not included in the packet traces and only headers are provided

This would imply that the captured length does indeed denote the accumulated header lengths of a given packet. However the instructor’s response to this is: Flow Size overhead

The sum of bytes. For example, you should the length of Ethernet header with the length of IP header with the length of TCP header.

So should we be manually adding up the headers (and then calculating data length with it) or can we skip this step and get the data length directly with:
packet data length = onwire length - captured length


The capture length only represents which portion of the packet is included in the file. It is usually set as a higher limit during the caption (e.g., you do not want to record more than 128 bytes from each flow).
Therefore, to find the overhead, you need to find the size of the payload data (by looking in appropriate transport layer protocol) and subtract it from total frame size to find the overhead.