This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Bogus IPv4 version

0

Hello all. Seems from time to time, people ask about this. I am trying to export traffic from a Cisco router and interestingly, while packets going out the router interface are correctly interpreted by Wireshark, all incoming packets fail as bogus ipv4 version.

From what I found, the "Support packet capture from TSO-enabled hardware" should have been fixing this years ago, however it is not doing me any good.

Now, if I capture the traffic on the router, and export the capture file to be open by Wireshark, it decodes on both directions - exactly as it should.

The details, if they do any good: The router interface I'm trying to capture is a Dialer interface, receiving PPPoE data. The just updated Wireshark 2.0.1 (and previous v2.0.0) x64 runs on a Windows 10 x64. NIC is a Qualcomm Atheros AR-8161 (not a KillerNIC).

E: As a side note, IPv6 packets captured live from the same interface are decoded just right.

Thanks and regards,

asked 14 Jan '16, 16:45

HQuest's gravatar image

HQuest
6113
accept rate: 0%

edited 14 Jan '16, 17:31


One Answer:

0

We'd have to see the capture to figure out what the problem is. Please file a bug on the Wireshark Bugzilla and attach a capture that shows this problem.

answered 14 Jan '16, 18:16

Guy%20Harris's gravatar image

Guy Harris ♦♦
17.4k335196
accept rate: 19%

Bug 12012 submitted. Thanks for the guidance.

(14 Jan '16, 20:08) HQuest