This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

upgraded Ubuntu, tons of ‘TCP ACKed lost segment’ and other errors…

0

I couldn't find a similar thread, sorry if this is a dup...

I recently upgraded my Ubuntu 12.04 system, running the standard Wireshark 1.6.7, and am betting boatloads of "TCP ACKed lost segment" messages, as well as "TCP Previous segment lost", and sometimes I've even seen FCS errors. Some details about my environment:

  • Running VirtualBox for my Ubuntu systems
  • Host OS is Windows 8, Wireshark there runs fine without errors
  • Updated VMs are showing the errors above
  • On my lone un-updated Ubuntu system, it runs fine without errors
  • I've uninstalled and reinstalled multiple times with the same issue
  • I've compiled from the latest source on an updated system but have the same issue

I'm going to try installing a brand new Ubuntu 13.04 system, and will post the results, but if anybody has any ideas of what might be causing this, please send them my way. Thanks!

asked 23 Sep '13, 15:14

chuck-tallac's gravatar image

chuck-tallac
11112
accept rate: 0%


2 Answers:

0

This might be caused by 'offload' features enabled. Try disabling LRO TSO and GSO using the ethtool -k command

A nice writeup on the ethtool can be found here

answered 23 Sep '13, 22:19

mrEEde's gravatar image

mrEEde
3.9k152270
accept rate: 20%

edited 23 Sep '13, 22:56

Thanks for the suggestion mrEEde - plus I now know a lot about ethtool that I didn't know before. Unfortunately though, turning off all the offloads, even some you didn't mention explicitly, has not resolved the issue. I'm still getting these errors. Thanks for the info however.

(24 Sep '13, 08:29) chuck-tallac

0

Running VirtualBox for my Ubuntu systems
Host OS is Windows 8, Wireshark there runs fine without errors

Based on that information, I assume you're capturing on the bridged interface of VirtualBox on Windows 8.

If so, I'd like to refer you to similar problems posted here and in other forums.

https://www.google.com/?q=site:ask.wireshark.org+virtualbox
https://www.google.com/?q=virtualbox%20bridged%20wireshark

There seems to be an ever recurring problem with VirtualBox and sniffing on the bridged interface. Maybe the update of your virtual machine (including kernel and network driver) broke something (like the internal handling of the VM traffic by the VirtualBox bridged interface) and thus you don't see some packets in Wireshark, if you capture on the bridged interface.

Usually it works very well to use Wireshark within the virtual machine.

Regards
Kurt

answered 24 Sep '13, 08:36

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

edited 24 Sep '13, 08:38

Thanks Kurt for the tip and pointers to those articles about wireshark and virtualbox. I suspect that you are correct regarding the updating of my VM causing some internal driver change that broke something in wireshark.

I am stuck in that I must use bridged mode since I'm running services on my VMs that require communication from other external devices. I will keep poking around and reading more hints like the ones you posted to see if there is a reasonable workaround.

Thanks again for the help!

(24 Sep '13, 08:51) chuck-tallac

some internal driver change that broke something in wireshark.

It did not break Wireshark. Most certainly it broke some functionality of the VirtualBox bridged interface ;-)

I will keep poking around and reading more hints like the ones you posted to see if there is a reasonable workaround.

I've never found or heard of a reliable workaround, except capturing within the virtual machine.

(24 Sep '13, 13:11) Kurt Knochner ♦