I have recently come across a packet capture where the
Ethernet FCS was included but the FCS value was incorrect (for whatever reason
the transmitting device was padding the Ethernet header). Our team has
worked with the manufacturer and resolved the issue. My question is why
did Wireshark not flag this as an error? Is this something I can
configure Wireshark to do with a coloring rule and/or can this be changed on
future releases? I attempted the coloring rule but under the Ethernet protocol
I did not see FCS as an option. I do understand FCS is not always
captured but if it is and it is incorrect I would like to see this identified
by Wireshark if possible. Do any of you have any ideas or suggestions?
I am using Wireshark for Windows.
Source:
Cisco_17:c8:80 (00:23:04:17:c8:80)
Type:
IP (0x0800)
Trailer:
CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC...
Frame
check sequence: 0xcccccccc [incorrect, should be 0x15ecccb4]
Thanks,
Charles
E-MAIL CONFIDENTIALITY NOTICE:
The contents of this e-mail message and
any attachments are intended solely for the
addressee(s) and may contain confidential
and/or legally privileged information. If you
are not the intended recipient of this message
or if this message has been addressed to you
in error, please immediately alert the sender
by reply e-mail and then delete this message
and any attachments. If you are not the
intended recipient, you are notified that
any use, dissemination, distribution, copying,
or storage of this message or any attachment
is strictly prohibited.
|