Wireshark-users: [Wireshark-users] Why do I get so many malformed packets
From: János Löbb <janos.lobb@xxxxxxxx>
Date: Fri, 19 Mar 2010 17:25:43 -0400
Hi,

We have some intermittent "slowdown" issues at a particular location. Users connecting to DFS drives by going through two firewalls experience serious slowdowns of their machine. Shortly after they disconnect from the DFS drives the machines regain their vigor. I went through the following theories:

1. The communication is hindered by one of the firewalls, so the machine listens a lot for network traffic and that is the cause.

2. Because the machines are mostly PCs, maybe they are attacked by a virus and that cause them to slow down.

3. The Cisco switch where the machines are connected might not have the latest software and that cause the slowdown.

I did multiple Wireshark captures during the course of two months, and there were patterns suggesting the above scenarios. Unfortunately a capture after a few days always pointed to some other direction. Otherwise the traffic looked "OK" at every capture with no errors or warnings and with just a few notes and chats in the Expert Info.

Two days ago I did another capture. The capturing PC is a VmWare virtual machine on my Macintosh running Windows XP with Service pack 3. The version of WireShark is 1.2.6. At this time from the 1677 packets captured 1527 erred out and had 59 warnings.

I attache the capture file.

What could have been the cause of so many malformed packets ?

I did the same test today at about the same time and found no errors or warnings. Very puzzling. I attache the file from today too.

Thanks ahead,

János



Attachment: cap_3-16-2010 1stfloor 13-02-53.pcap
Description: Binary data

 

Attachment: cap_3-18-2010_1stfloor_switch3_port2_atplate.pcap
Description: Binary data