[Todd Kleinsasser <Todd.Kleinsasser@xxxxxxxx>]

Hello everyone, I am having an issue where I use a gigamon gigasmart card to slice a packet and add a trailer.  As far as I can tell gigasmart is doing this correctly.  However, when I open a capture up in wireshark it appears wireshark is not decoding the trailer correctly.  I really have two issues.

 

First, if the packet is not sliced wireshark decodes the trailer correctly.  However, for any packet that is sliced by a gigasmart card there is no decode for the trailer.  It appears the trailer is actually there by looking at the hex, however wireshark does not recognize it. 

 

Second problem is, Wireshark does not know the packets were sliced.  All of the TCP analysis is off because wireshark is calculating the packet size wrong.  It appears wireshark is calculating the TCP payload length by taking the packet size it saw on the wire (which has been sliced) – Ethernet header – IP header – TCP header.  Doesn’t appear to be using the IP packet length in the calculation.  Because of this wireshark is reporting ton of TCP errors even though there really are none. 

 

Thanks for any help,

todd

---

All emails in this message string and any attachments are the confidential information of CSG Systems International, Inc. (CSG), or its affiliates and subsidiaries, and may contain privileged and/or confidential material. If you are not an intended recipient, please delete it immediately and notify the sender; unintended recipients are not authorized to read or otherwise use the information contained herein.