Wireshark-dev: Re: [Wireshark-dev] Problem with tcp_dissect_pdus
From: "John R." <[email protected]>
Date: Thu, 13 Jul 2006 12:04:59 -0700
On 7/13/06, Bogdana Botez <[email protected]> wrote:
Hi Gerhard,

I've had the same problem. Maybe this will help you:


At least on Windows, the packet display lights up like a firecracker
when TCP checksums are being offloaded.

I have a hard time understanding how the first packets could be
disassembled correctly and yet have this be a checksum offloading
problem. If it was checksum offloading, the high level dissector would
be disabled for every packet, right? None of his cases should have

Also, how does the offloading work? Would not inbound packets (to the
packet capture host) have a proper checksum?

In fact, I have this same exact issue with Ethereal and it is not
ameliorated in any way by disabling TCP checksums. Something else is
happening. It has to do with the "minimum size header" required (in my
case, 5 bytes) to determine packet length being split across tcp

The strange thing is that the bug only occurs on Windows for me but
not Linux. Platform dependent or, more likely, toolchain dependent

-- John.