I am working on TCP Offload engine(for Iscsi). I am looking a way to capture those offloaded(to the chip) packets(TCP and Iscsi) with wireshark. My colleagues are saying that only 3rd party test equipment is the alternative(which sits in between iscsi initiator and iscsi target) for looking in to packets. I want to double confirm with experts here.Thanks. asked 09 Apr '13, 15:54  krishnayeddula edited 09 Apr '13, 15:54 |
One Answer:
If you want to see the real packets that actually were transferred on the network you need a device in the middle, or at least not on sender or receiver. You can't trust what you see on the sending PC. answered 09 Apr '13, 16:01  Jasper ♦♦ edited 09 Apr '13, 16:02 |
In my case both target and initiator are connected b2b.I am not worrying about the trust but a way to capture in this scenario(Where packets are offloaded to iscsi enabled chip).
By 'you can't trust' @Jasper meant: You (probably) can't capture offloaded packets. As you will never know for sure which packets will be offloaded, you can't trust any capture result on any of the involved machines. As he (and you colleagues) said: Capture the line with a TAP or a mirror port of a switch.