Deborah Charan wrote:
I am looking at TCP traffic between two machines. I would like to see
the actual packets, I don't want to see the whole stream, but instead
would like to know the actual number of packets. Since this is over
ethernet, the max size per packet should be ~1514 bytes.
My TCP packets have 10K or 8K ... I upgraded to Wireshark 1.2.1, I have
unchecked the TCP preference for "Allow subdisectors to reassemble TCP
streams", I have tried disabling TCP and IP dissection altogether, and
still the packets are thousands of bytes. Of course the ACKs are small,
and every packet is not huge, but I just want to see the packets.
I'm running on Ubuntu if that is important.
Any info would be appreciated.
Might be TCP segmentation offloading or Jumbo Frames...
Please see the message thread starting at:
http://www.wireshark.org/lists/wireshark-users/200806/msg00245.html
Also: a Google search 'site:wireshark.org "jumbo frames"' brings up
other hits about large frames.