Wireshark-users: Re: [Wireshark-users] Invalid packets

From: "Robert S. Grimes" <rsg@xxxxxxxxxx>
Date: Tue, 29 May 2007 15:57:23 -0400

Jeff Morriss wrote:
> Robert S. Grimes wrote:
>> Hi,
>> What does Wireshark do when it encounters invalid packets?  I'm trying
>> to develop a driver for an embedded system, and while it is definitely
>> sending something on the wire (e.g. activity LEDs flashing on board and
>> network switch), nothing is reported by Wireshark.  It would be nice to
>> know what it was thinking...
> Wireshark will show all the packets it receives though it may tag them 
> as malformed or show them as having an invalid checksum or something 
> like that.  But Wireshark will show everything it gets.
Thanks, Jeff!  I just wanted confirmation on this point - it allowed me
to believe my tools, and focus on the real problem - hence, I resolved it!
> PCAP (from tcpdump.org) or WinPcap (winpcap.org), which is what 
> Wireshark uses for capturing, have some rules, but generally they'll 
> send up whatever the interface gives them.
> The real question is probably what is the interface giving PCAP and 
> that's probably hardware dependent in the case of bogus packets.
> But, you also said "switch" so have you read 
> http://wiki.wireshark.org/CaptureSetup ?
> _______________________________________________
> Wireshark-users mailing list
> Wireshark-users@xxxxxxxxxxxxx
> http://www.wireshark.org/mailman/listinfo/wireshark-users