At least on Windows, the packet display lights up like a firecracker
when TCP checksums are being offloaded.
I have a hard time understanding how the first packets could be
disassembled correctly and yet have this be a checksum offloading
problem. If it was checksum offloading, the high level dissector would
be disabled for every packet, right? None of his cases should have
Also, how does the offloading work? Would not inbound packets (to the
packet capture host) have a proper checksum?
In fact, I have this same exact issue with Ethereal and it is not
ameliorated in any way by disabling TCP checksums. Something else is
happening. It has to do with the "minimum size header" required (in my
case, 5 bytes) to determine packet length being split across tcp
The strange thing is that the bug only occurs on Windows for me but
not Linux. Platform dependent or, more likely, toolchain dependent