On Tue, Jul 24, 2001 at 09:09:20AM +0100, Neil Macdonald wrote:
> When I run Ethereal, I get lots of Short Frames - the only full size
> frames are ones coming from my machine.
>
> Can anyone advise?
I'd advise you to try WinDump:
http://netgroup-serv.polito.it/windump/
and see if similar things happen.
Run WinDump with "-s 65535", otherwise it'll cut frames short to 68
bytes (so that they'll all be short frames), and save the result to a
file with the "-w" flag. Then read the capture with Ethereal. (The "-s
65535" is absolutely critical; without it - or, at least, without a "-s"
argument at least as large as the maximum frame size on the network on
which you're capturing - the fact that you get short frames will just be
the result of not having told WinDump *not* to cut the frames short.)
If you still get short frames, it's a problem with WinPcap - the libpcap
port used both by Ethereal and WinDump - and it should be reported to
the WinDump maintainers, by sending mail to
winpcap@xxxxxxxxxxxxxxxxxxxxxxx
When reporting the problem to them, tell them what type of network card
you're using; it may be a problem with the WinPcap driver, or it may be
a problem with the particular network card. (Also mention that it's W2K
in the body of the message, not just in the subject line.)