Disclosed is a method and apparatus for checking link layer protocol frames such as Ethernet frames. The method can be implemented on a processor executing software instructions stored in memory. In one embodiment of the invention, the method includes receiving an Ethernet frame, and counting data bytes of the Ethernet frame to generate a total number of counted bytes. The total number of counted bytes can be used to calculate a data length of a datagram of the Ethernet frame. Once calculated, the datagram data length can be compared to a predetermined value. If the datagram length does not fall within an acceptable range of the predetermined value, the Ethernet frame may be dropped so that the Ethernet frame does not reach its final destination.