Wireshark-users: Re: [Wireshark-users] Why do I get so many malformed packets

From: Bill Meier <wmeier@xxxxxxxxxxx>
Date: Sat, 20 Mar 2010 14:51:19 -0400
János Löbb wrote:
Two days ago I did another capture. The capturing PC is a VMware virtual machine on my Macintosh running Windows XP with Service Pack 3. The version of Wireshark is 1.2.6. At this time, from the 1677 packets captured, 1527 erred out and had 59 warnings.

I attach the capture file.

What could have been the cause of so many malformed packets?

I did the same test today at about the same time and found no errors or warnings. Very puzzling. I attach the file from today too.



The short answer: In the first capture file many/most frames are missing the last 4 bytes.

Did you do the two captures in exactly the same way??

I've no idea why the first capture has many frames with missing bytes.

Something to do with capturing under VMware??

Some kind of issue wherein something in the capture path thought the last 4 bytes were an Ethernet FCS and removed them??


(Maybe someone else (Guy Harris?) can provide additional insight).
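
One way to check a capture for the symptom described in the reply (frames missing their last 4 bytes) is to compare each frame's captured length with the length its IPv4 header declares. This is an added example, not part of the original thread; it assumes a classic little-endian pcap file with Ethernet link type, and the helper names and sample frames are constructed for illustration.

```python
import struct

ETH_HDR, IP_HDR = 14, 20

def ipv4_frame(payload):
    """Constructed Ethernet II + IPv4 frame (checksum left 0, not validated here)."""
    ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, IP_HDR + len(payload), 0, 0,
                     64, 17, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return b"\x02" * 12 + b"\x08\x00" + ip + payload

def build_pcap(frames):
    """Classic little-endian pcap, link type 1 (Ethernet), zero timestamps."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

def short_frames(pcap):
    """Return [(frame_no, missing_bytes)] for IPv4 frames that end too early."""
    if struct.unpack_from("<I", pcap, 0)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap file")
    if struct.unpack_from("<I", pcap, 20)[0] != 1:
        raise ValueError("link type is not Ethernet")
    hits, off, no = [], 24, 0
    while off + 16 <= len(pcap):
        incl, orig = struct.unpack_from("<II", pcap, off + 8)
        data = pcap[off + 16:off + 16 + incl]
        off += 16 + incl
        no += 1
        if incl < orig:
            continue  # cut by the snapshot length: a different, expected cause
        if len(data) < ETH_HDR + IP_HDR or data[12:14] != b"\x08\x00":
            continue  # not IPv4 over Ethernet II, nothing to compare against
        total_len = struct.unpack_from(">H", data, ETH_HDR + 2)[0]
        missing = ETH_HDR + total_len - len(data)
        if missing > 0:  # frames padded to the 60-byte minimum can hide a loss
            hits.append((no, missing))
    return hits

# Constructed sample: three 74-byte frames, the second with its last 4 bytes cut.
FULL = ipv4_frame(bytes(40))
SAMPLE = build_pcap([FULL, FULL[:-4], FULL])

if __name__ == "__main__":
    for no, missing in short_frames(SAMPLE):
        print(f"frame {no}: {missing} bytes short of the IPv4 total length")
```

A steady count of 4 missing bytes across many frames matches the FCS-stripping guess in the reply, while varying counts point to some other kind of truncation.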