This is our old Q&A Site. Please post any new questions and answers at

I would like to see the "normal" behavior of TCP in wireshark, but I have discovered that (to save CPU) TCP sends large chunks of information to the NIC and the NIC actually performs the segmentation (based on MTU). From what I have read so far wireshark captures traffic data between TCP (the CPU) and the NIC, so the "normal" behavior of TCP is lost. Is there a way to force the segmentation of information to be done by TCP (old school) or perhaps to capture the packets in the NIC? I'm using Linux.

asked 21 Jan '13, 16:00

clod1977's gravatar image

accept rate: 0%

The best way to see packets as they are on the wire is to use a network TAP. Next best thing would be to use the span port of a managed switch.

Have a look at my comment on your comment on for hints on how to disable TSO in linux.

permanent link

answered 21 Jan '13, 16:11

SYN-bit's gravatar image

SYN-bit ♦♦
accept rate: 20%

basically, any method where you capture the packets somewhere between client and server (and not on any of them) will do the trick...

(21 Jan '13, 16:19) Jasper ♦♦

I'm pretty sure Opnet's Ace analyst (now ATX) has the ability to recode it using MTU. You're kind of cheating since you don't see it on the wire, but when you're dealing with VMs and modern day servers, it does come in handy for quick troubleshooting. It would be like the anti-"allow subdissector to reassemble packets" feature! :)

(21 Jan '13, 22:22) hansangb
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text]( "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:


question asked: 21 Jan '13, 16:00

question was seen: 2,789 times

last updated: 21 Jan '13, 22:22

p​o​w​e​r​e​d by O​S​Q​A