Hello all. Seems from time to time, people ask about this. I am trying to export traffic from a Cisco router and interestingly, while packets going out the router interface are correctly interpreted by Wireshark, all incoming packets fail as bogus ipv4 version. From what I found, the "Support packet capture from TSO-enabled hardware" should have been fixing this years ago, however it is not doing me any good. Now, if I capture the traffic on the router, and export the capture file to be open by Wireshark, it decodes on both directions - exactly as it should. The details, if they do any good: The router interface I'm trying to capture is a Dialer interface, receiving PPPoE data. The just updated Wireshark 2.0.1 (and previous v2.0.0) x64 runs on a Windows 10 x64. NIC is a Qualcomm Atheros AR-8161 (not a KillerNIC). E: As a side note, IPv6 packets captured live from the same interface are decoded just right. Thanks and regards, asked 14 Jan '16, 16:45  HQuest edited 14 Jan '16, 17:31 |
One Answer:
We'd have to see the capture to figure out what the problem is. Please file a bug on the Wireshark Bugzilla and attach a capture that shows this problem. answered 14 Jan '16, 18:16  Guy Harris ♦♦ |
Bug 12012 submitted. Thanks for the guidance.