Wireshark mailing list archives

Re: Why do I get so many malformed packets


From: János Löbb <janos.lobb () yale edu>
Date: Mon, 22 Mar 2010 14:01:03 -0400


On Mar 20, 2010, at 2:51 PM, Bill Meier wrote:

János Löbb wrote:
Two days ago I did another capture.  The capturing PC is a VMware
virtual machine on my Macintosh running Windows XP with Service Pack 3.
The version of Wireshark is 1.2.6.  At this time from the 1677 packets
captured 1527 erred out and had 59 warnings.

I attach the capture file.

What could have been the cause of so many malformed packets?

I did the same test today at about the same time and found no errors or
warnings.  Very puzzling.  I attach the file from today too.



The short answer: In the first capture file many/most frames are missing
the last 4 bytes.

Did you do the two captures in exactly the same way ??

I've no idea why the first capture has many frames with missing bytes.

Something to do with capturing under VMWare ??

Some kind of issue wherein something in the capture path thought the
last 4 bytes were an ethernet FCS and removed them ??


(Maybe someone else (Guy Harris ?) can provide additional insight).


Hi Bill,

Yes, I did the two captures the same way.  I planned to use
Wireshark on the Macintosh side but for some reason Wireshark was
unable to find the NIC card, so I had to do it from the VMware PC side.
I will send a separate message with another topic on it.

I vaguely remember seeing an error message when I logged into Windows,
like IOQ or IOP or IOR failed, but unfortunately I did not make a
screenshot.  The machine was sluggish and slowed down from the GUI
point of view.

On the March 18th capture - same computer, same wall plate, same
switch and port, same patch cable, I did not see any error message as
I logged into Windows and did the capture.  At this time I have not
experienced any sluggishness.

Thanks,

János
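
One way to check a capture for the symptom Bill describes (frames whose last bytes are missing), as an added example that is not part of the original thread: it walks a classic pcap file and reports Ethernet/IPv4 frames that are shorter than the IP header's total-length field says they should be. The function names and the two-frame sample capture are constructed for illustration; it assumes the classic pcap format with an Ethernet link type.

```python
import struct

ETH_HDR = 14  # Ethernet II header length

def missing_bytes(frame):
    """Bytes an Ethernet/IPv4 frame falls short of its IP total length (None if not IPv4)."""
    if len(frame) < ETH_HDR + 20 or frame[12:14] != b"\x08\x00":
        return None
    (total_len,) = struct.unpack("!H", frame[ETH_HDR + 2:ETH_HDR + 4])
    # Frames longer than the IP length just carry Ethernet padding; that is normal.
    return max(0, ETH_HDR + total_len - len(frame))

def scan_pcap(data):
    """Return [(frame_number, missing_bytes)] for short frames in a classic pcap."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if endian is None:
        raise ValueError("not a classic (microsecond) pcap file")
    if struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("link type is not Ethernet")
    offset, number, hits = 24, 0, []
    while offset + 16 <= len(data):
        _, _, incl_len, orig_len = struct.unpack(endian + "IIII", data[offset:offset + 16])
        frame = data[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        number += 1
        if incl_len < orig_len:
            continue  # cut by the snapshot length, a different cause
        short = missing_bytes(frame)
        if short:
            hits.append((number, short))
    return hits

def build_sample():
    """Constructed two-frame capture: frame 1 intact, frame 2 with its last 4 bytes removed."""
    payload = bytes(range(32))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28 + len(payload), 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    udp = struct.pack("!HHHH", 5000, 5001, 8 + len(payload), 0)
    frame = b"\x02\x00\x00\x00\x00\x01" + b"\x02\x00\x00\x00\x00\x02" + b"\x08\x00" + ip + udp + payload
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in (frame, frame[:-4]):
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    for number, short in scan_pcap(build_sample()):
        print(f"frame {number}: {short} bytes short of IP total length")
```

Frames under the 60-byte Ethernet minimum carry padding, so a 4-byte loss from the padding of such a frame will not show up in this check.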

