Benatar, Naisan wrote:
I'm looking for a way of looking at Lowlever ethernet errors and ideally
thier contents.
As indicated, getting the contents of the frames is difficult - in many
OSes (not just Windows), the adapter or driver will throw away packets
with low-level errors, so they aren't supplied to the mechanism libpcap
uses to capture packets, and hence tcpdump/WinDump/Wireshark/etc. don't
see them.
When I check the Statistics->Summary page in the details of the device it
has "Dropped packets" with the value Unknown. It would be very useful if
this actually gave the number of packets
the hardware was throwing away
Actually, no, it wouldn't. That statistic is intended to show the
number of packets dropped because Wireshark wasn't reading packets fast
enough to keep up with the capture stream; that's a useful statistic in
its own right, and should be preserved. (I'm not sure why it's shown as
"Unknown" in that case, if you did a live capture with Wireshark.)
Statistics such as the numbers of various types of link-layer errors
errors should be *separate* statistics. I think NDIS supports getting
those statistics, if the driver provides them, so there could be
platform-specific code in Wireshark to fetch them (ideally, that should
be done in libpcap/WinPcap; perhaps in a future release).
Note that the statistics won't necessarily exactly correspond to the
time when you're doing the capture, as the mechanism for getting those
statistics knows nothing about any packet captures in progress.
