Wireshark-users: Re: [Wireshark-users] Strangest thing ever !!! Captures only TCP SYN handshake n

From: Ulf Lamping <ulf.lamping@xxxxxx>
Date: Thu, 03 May 2007 14:10:23 +0200
> -----Ursprüngliche Nachricht-----
> Von: Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx>
> Gesendet: 03.05.07 14:01:36
> An: "Community support list for Wireshark" <wireshark-users@xxxxxxxxxxxxx>
> Betreff: Re: [Wireshark-users] Strangest thing ever !!! Captures only TCP SYN handshake negotiation and not any data ?!?


> 
> Jumbo frames?
> 

Maybe, but I would guess that WinPcap can handle (Gigabit Ethernet) jumbo frames.


Maybe some kind of offloading work to the network card.

I think I've read about an NDIS (>= V6?) proposal to (optionally) offload the complete TCP/IP work to the network card "hardware". So the Winsock stack won't do a lot more than transferring socket data to the network card. I guess that WinPcap can't handle this, but I've never seen this "in the wild" so I don't know.

What does the Task Offload tab in the interface details display (menu: Capture/Interfaces/Details)?

Maybe there's an option in the network card driver to switch off offloading, you may try to play with the options ...

Regards, ULFL

_______________________________________________________________
SMS schreiben mit WEB.DE FreeMail - einfach, schnell und
kostenguenstig. Jetzt gleich testen! http://f.web.de/?mc=021192