Re: Why do I get so many malformed packets

[Bill Meier <wmeier () newsguy com>]

János Löbb wrote:
> Two days ago I did another capture.  The capturing PC is a VmWare 
> virtual machine on my Macintosh running Windows XP with Service pack 3.  
> The version of WireShark is 1.2.6.  At this time from the 1677 packets 
> captured 1527 erred out and had 59 warnings.
>
> I attache the capture file.
>
> What could have been the cause of so many malformed packets ?
>
> I did the same test today at about the same time and found no errors or 
> warnings.  Very puzzling.  I attache the file from today too.


The short answer: In the first capture file many/most frames are missing 
the last 4 bytes.

Did you do the two captures in exactly the same way ??

I've no idea why the first capture has many frames with missing bytes.

Something to do with capturing under VMWare ??

Some kind of issue wherein something in the capture path thought the 
last 4 bytes were an ethernet FCS and removed them ??


(Maybe someone else (Guy Harris ?) can provide additional insight).



___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe