Wireshark is unable to capture IPv4 packets with worng IHL or is Windows drop them before sending? asked 09 Jan '14, 06:58  dragos edited 09 Jan '14, 06:59 |
One Answer:
If you mean the IP header length by IHL, then yes: the capturing OS could have dropped the frames before Wireshark had a chance to see them. You can try to disable the IPv4 binding on the capturing interface. Depending on the OS, that might change the behavior. If however, the NIC driver dropped the frame (due to some IP and/or TCP offloading) or a router/firewall/etc. in front of your (capturing) system, disabling the IPv4 binding will have (most certainly) no effect, unless you disable IP and/or TCP offloading as well. Regards answered 09 Jan '14, 08:02  Kurt Knochner ♦ |
