Wireshark-users: Re: [Wireshark-users] Strangest thing ever !!! Captures only TCP SYN handshake negotiation and not any data ?!?

From: "Free Prefix" <free.prefix@xxxxxxxxx>
Date: Thu, 3 May 2007 14:15:06 +0200

"Large send offload" is disabled.
I have tried to play with several options on this network card but
always got the same results :(

On 5/3/07, Ulf Lamping <ulf.lamping@xxxxxx> wrote:

> -----Ursprüngliche Nachricht-----
> Von: Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx>
> Gesendet: 03.05.07 14:01:36
> An: "Community support list for Wireshark" <wireshark-users@xxxxxxxxxxxxx>
> Betreff: Re: [Wireshark-users] Strangest thing ever !!! Captures only TCP SYN handshake negotiation and not any data ?!?


>
> Jumbo frames?
>

Maybe, but I would guess that WinPcap can handle (Gigabit Ethernet) jumbo frames.


Maybe some kind of offloading work to the network card.

I think I've read about an NDIS (>= V6?) proposal to (optionally) offload the complete TCP/IP work to the network card "hardware". So the Winsock stack won't do a lot more than transferring socket data to the network card. I guess that WinPcap can't handle this, but I've never seen this "in the wild" so I don't know.

What does the Task Offload tab in the interface details display (menu: Capture/Interfaces/Details)?

Maybe there's an option in the network card driver to switch off offloading, you may try to play with the options ...

Regards, ULFL

_______________________________________________________________
SMS schreiben mit WEB.DE FreeMail - einfach, schnell und
kostenguenstig. Jetzt gleich testen! http://f.web.de/?mc=021192

_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users