This is our old Q&A Site. Please post any new questions and answers at

Hello all. Seems from time to time, people ask about this. I am trying to export traffic from a Cisco router and interestingly, while packets going out the router interface are correctly interpreted by Wireshark, all incoming packets fail as bogus ipv4 version.

From what I found, the "Support packet capture from TSO-enabled hardware" should have been fixing this years ago, however it is not doing me any good.

Now, if I capture the traffic on the router, and export the capture file to be open by Wireshark, it decodes on both directions - exactly as it should.

The details, if they do any good: The router interface I'm trying to capture is a Dialer interface, receiving PPPoE data. The just updated Wireshark 2.0.1 (and previous v2.0.0) x64 runs on a Windows 10 x64. NIC is a Qualcomm Atheros AR-8161 (not a KillerNIC).

E: As a side note, IPv6 packets captured live from the same interface are decoded just right.

Thanks and regards,

asked 14 Jan '16, 16:45

HQuest's gravatar image

accept rate: 0%

edited 14 Jan '16, 17:31

We'd have to see the capture to figure out what the problem is. Please file a bug on the Wireshark Bugzilla and attach a capture that shows this problem.

permanent link

answered 14 Jan '16, 18:16

Guy%20Harris's gravatar image

Guy Harris ♦♦
accept rate: 19%

Bug 12012 submitted. Thanks for the guidance.

(14 Jan '16, 20:08) HQuest
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text]( "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:


question asked: 14 Jan '16, 16:45

question was seen: 4,071 times

last updated: 14 Jan '16, 20:19

p​o​w​e​r​e​d by O​S​Q​A