Wireshark-users: Re: [Wireshark-users] Query about capturing on Broadcom BMC5708C
Does the card have TOE (TCP Offloading Engine), also known as TCP Chimney?
If that's the case, and Chimney is enabled, you won't be able to capture the
TCP stream because the traffic goes directly from the TCP/IP protocol driver
to the card (thru a "chimney"), and WinPcap (the capture engine used by
Wireshark) cannot capture such traffic.
If that's the case, the only workaround is disabling Chimney on such network
adapter.
Have a nice day
GV
----- Original Message -----
From: "Andrew Hood" <ajhood@xxxxxxxxx>
To: "Community support list for Wireshark" <wireshark-users@xxxxxxxxxxxxx>
Sent: Monday, December 29, 2008 5:17 PM
Subject: [Wireshark-users] Query about capturing on Broadcom BMC5708C
I have a server (quad Xeon) with the above noted NICs running Windows
Server 2003R2 Enterprise Edition with PAE enabled.
Wireshark 1.0.5 appears to not see all the traffic. It must be there as
the application is working. Sometimes I can see the SYN/SYN+ACK/ACK but
not the rest of the stream. Sometimes I get the whole stream. I have
tried running w/s on all interfaces and the traffic is not arriving on
another interface.
Do you have to run wireshark as the local administrator or should anyone
with admin rights be able to see all the traffic?
--
There's no point in being grown up if you can't be childish sometimes.
-- Dr. Who
___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe