What does "raw packet data" field mean in Wireshark?

Question

As you can see in first figure, what does that Raw packet data mean? What is the difference between normal tcp packet in figure 2?

FYI, I'm using Wireshark 2.2.0.

It's wireshark.org/docs/wsug_html_chunked/…. I know exactly how to check what's in the packet, when I click the "Raw packet data", it contains all the tcp packet. — jerrypy

sismo sismo · Accepted Answer · 2017-01-17T08:24:12

Basically when you are capturing packets on an interface you have an associated link type to it (ethernet, 802.11, 802.15.4, etc).

Raw packet is used when you dont have any, the first bytes captured are directly the IPv6 or IPv4 header.

Raw IP; the packet begins with an IPv4 or IPv6 header, with the "version" field of the header indicating whether it's an IPv4 or IPv6 header.