Wireshark-users: [Wireshark-users] Ethernet FCS incorrect but not being flagged by Wireshark

From: "Gandy, Charles W" <Charles.Gandy@xxxxxxxxxxxxxx>
Date: Mon, 8 Dec 2008 11:44:33 -0600

I have recently come across a packet capture where the Ethernet FCS was included but the FCS value was incorrect (for whatever reason the transmitting device was padding the Ethernet header).  Our team has worked with the manufacturer and resolved the issue.  My question is why did Wireshark not flag this as an error?  Is this something I can configure Wireshark to do with a coloring rule and/or can this be changed on future releases?  I attempted the coloring rule but under the Ethernet protocol I did not see FCS as an option.  I do understand FCS is not always captured but if it is and it is incorrect I would like to see this identified by Wireshark if possible.  Do any of you have any ideas or suggestions?  I am using Wireshark for Windows.

 

 

Source: Cisco_17:c8:80 (00:23:04:17:c8:80)

Type: IP (0x0800)

Trailer: CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC...

Frame check sequence: 0xcccccccc [incorrect, should be 0x15ecccb4]

 

 

Thanks,

 

 

Charles

E-MAIL CONFIDENTIALITY NOTICE: 

 

 

 

The contents of this e-mail message and 
any attachments are intended solely for the 
addressee(s) and may contain confidential 
and/or legally privileged information. If you 
are not the intended recipient of this message 
or if this message has been addressed to you 
in error, please immediately alert the sender
 by reply e-mail and then delete this message 
and any attachments. If you are not the 
intended recipient, you are notified that 
any use, dissemination, distribution, copying, 
or storage of this message or any attachment 
is strictly prohibited.