Wireshark-users: [Wireshark-users] Two questions on wireshark
Hello,
I am using Wireshark to test gigabit ethernet hw that we will maybe use. I have two issues now:
1: How good does Wireshark perform with gigabit ethernet? For example occasionally I have a burst of "ACKed Lost Segment" packets (about a dozen, sometimes more, sometimes less) coming from the hw we are testing. It looks like erroneous behavior by the component I am testing since there is very little time between these packets (some us's) but I wonder if maybe wireshark might miss some packets?
2: What are the reasons for wireshark to classify a packet as malformed? Occasionally there are packets in the dump that wireshark marks as "Malformed packets", however I now took a closer look at one of these packets and the LL, IP and TCP header look ok, the only things different from another packet not marked as malformed are sequence/ACK number and the checksum. Does wireshark interpret the contents of the TCP packet and mark them as malformed if there are special characters in it? I did my tests with files generated by dd'ing out of /dev/random, can this be the cause for this message? The receiver TCP/IP stacks ACKs the packets as it should so there seems to no big problem with this.
Thanks for answers,
sincerely Matthias Feurstein
