Hi,

Problem Statement: Tshark captured packet dump contains only TCP SYN / ACK packets.

I am using tshark to capture TCP packets flowing towards the HTTP server and Database server. The machine on which tshark is installed is a Win 2K3 Server machine. The machine has 3 NICs.

Command Used:

tshark -b filesize:10240 -p -f "tcp and (host 10.64.70.80 and host 10.64.70.81)" -w netpackets.pcap -i "3"

Thanks,
Sreeni

asked 10 Feb '11, 20:45 sreeni

2 Answers:
I suppose you're capturing on the HTTP/Database server - if not, you need to clarify what your setup looks like. Maybe the server is using one of the other NICs to transfer all the frames you don't see. I'd try to run a Wireshark instance on each of them at the same time to see if that is the case. If not, you have a weird capture problem where something isn't working like it should.

answered 11 Feb '11, 08:47 Jasper ♦♦

We ran into this issue several years ago on Windows 2003 with Broadcom NIC (Intel NIC had no issue). Need to make registry change, then reboot:

My Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

Change from 1 to 0 for:

EnableRSS
EnableTCPA
EnableTCPChimney

answered 11 Feb '11, 09:54 CKC
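
The registry change described in the answer above, as an added PowerShell example that is not part of the original answer: it reports the current data of the three values and sets only those that are 1 to 0. The key path and value names are the ones the answer gives; the function names and the backup file location are assumptions made for this example, and it needs an elevated prompt with PowerShell 2.0 or later.

```powershell
# Added example, not from the original thread.
# Key path and value names come from the answer; everything else is hypothetical.
$TcpipParams   = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$OffloadValues = 'EnableRSS', 'EnableTCPA', 'EnableTCPChimney'

function Get-TcpOffloadSetting {
    # One object per value; Value is $null when the value does not exist.
    $props = Get-ItemProperty -Path $TcpipParams -ErrorAction Stop
    foreach ($name in $OffloadValues) {
        $current = $null
        if ($props.PSObject.Properties[$name]) { $current = $props.$name }
        New-Object PSObject -Property @{ Name = $name; Value = $current }
    }
}

function Disable-TcpOffloadSetting {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    $backedUp = $false
    foreach ($s in Get-TcpOffloadSetting) {
        # Only the "1 to 0" change from the answer; absent or already-0 values are left alone.
        if ($s.Value -ne 1) {
            Write-Verbose "$($s.Name): nothing to change"
            continue
        }
        if ($PSCmdlet.ShouldProcess("$TcpipParams\$($s.Name)", 'Set to 0')) {
            if (-not $backedUp) {
                # Export the key once before the first write so the change can be reverted.
                $file = Join-Path $env:TEMP ("tcpip-params-{0:yyyyMMdd-HHmmss}.reg" -f (Get-Date))
                & reg.exe export 'HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters' $file | Out-Null
                Write-Verbose "Backup written to $file"
                $backedUp = $true
            }
            # The value already exists as a DWORD, so its type is preserved.
            Set-ItemProperty -Path $TcpipParams -Name $s.Name -Value 0
        }
    }
}

# Show the current state, then preview the change without writing anything.
Get-TcpOffloadSetting | Format-Table Name, Value -AutoSize
Disable-TcpOffloadSetting -WhatIf
```

Run `Disable-TcpOffloadSetting -Verbose` without `-WhatIf` to apply the change, then reboot as the answer says.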