Wireshark and CommView cannot capture packets

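During a telecom service integration, the packet capture tool Wireshark could not capture the traffic: only the TCP three-way handshake was captured, and none of the TCP stream that followed it.
CommView and WinDump gave the same result.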

Final fix: run this command from cmd: netsh int ip set chimney DISABLED


NIC type: Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client)
Operating system: Windows 2003 SP2

On Windows 2003 SP2, TCP Chimney is enabled by default, whether or not you use it.

References:
TOE technology and how TOE NICs work: http://hpserver.blog.51cto.com/665945/168082
There is also a post from the Wireshark website, copied below:
Wireshark-users: Re: [Wireshark-users] Query about capturing on Broadcom BMC5708C


From: Andrew Hood <ajhood@xxxxxxxxx>
Date: Mon, 05 Jan 2009 23:33:07 +1100


Gianluca Varenni wrote:
> Does the card have TOE (TCP Offloading Engine), also known as TCP Chimney?
> If that's the case, and Chimney is enabled, you won't be able to capture the
> TCP stream because the traffic goes directly from the TCP/IP protocol driver
> to the card (thru a "chimney"), and WinPcap (the capture engine used by
> Wireshark) cannot capture such traffic.
>
> If that's the case, the only workaround is disabling Chimney on such network
> adapter.

A quick Google search found various complaints about chimney screwing up
several products, most of them referencing Broadcom NICs. They all
recommended:

netsh int ip set chimney disable

or replacing the NICs with some from another manufacturer. As "Microsoft
Windows Server 2003 Scalable Networking Pack"
http://support.microsoft.com/kb/912222 is integrated into R2, switching
NICs may no longer work.

Sure enough, Wireshark now works.

I can also add Tivoli's Framework to the list, because disabling chimney
fixed that too.

> Have a nice day

Once I had the right command to "fix" the NIC we did.

--
There's no point in being grown up if you can't be childish sometimes.
                -- Dr. Who
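
The symptom described above (only the three-way handshake shows up in the capture) can be checked for in a saved capture file. The following Python sketch is an added example, not code from the original post or the mailing-list thread: it flags flows where SYN and SYN/ACK were captured but no payload, FIN or RST ever was. The function names and the sample capture are constructed for illustration, and it assumes a classic little-endian pcap file with Ethernet framing.

```python
import socket
import struct
from collections import defaultdict

def tcp_segments(pcap):
    """Yield (src, dst, flags, payload_len) per IPv4/TCP frame of a classic Ethernet pcap."""
    if struct.unpack_from("<I", pcap, 0)[0] != 0xA1B2C3D4:
        raise ValueError("not a classic little-endian pcap file")
    off = 24                                     # skip the 24-byte global header
    while off + 16 <= len(pcap):
        incl = struct.unpack_from("<I", pcap, off + 8)[0]
        frame = pcap[off + 16: off + 16 + incl]
        off += 16 + incl
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                             # not IPv4 carrying TCP
        tcp = 14 + (frame[14] & 0x0F) * 4        # TCP header offset after IP options
        if len(frame) < tcp + 20:
            continue                             # truncated TCP header
        total = struct.unpack_from("!H", frame, 16)[0]
        sport, dport = struct.unpack_from("!HH", frame, tcp)
        doff = (frame[tcp + 12] >> 4) * 4
        src = f"{socket.inet_ntoa(frame[26:30])}:{sport}"
        dst = f"{socket.inet_ntoa(frame[30:34])}:{dport}"
        yield src, dst, frame[tcp + 13], total - (tcp - 14) - doff

def handshake_only_flows(pcap):
    """Flows where SYN and SYN/ACK were captured but no payload, FIN or RST ever was."""
    flows = defaultdict(lambda: {"syn": False, "synack": False, "later": False})
    for src, dst, flags, plen in tcp_segments(pcap):
        f = flows[tuple(sorted((src, dst)))]     # same key for both directions
        if flags & 0x02:                         # SYN bit set
            f["synack" if flags & 0x10 else "syn"] = True
        elif plen > 0 or flags & 0x05:           # payload, FIN or RST
            f["later"] = True
    return [k for k, f in flows.items() if f["syn"] and f["synack"] and not f["later"]]

def _frame(src, dst, sport, dport, flags, payload=b""):
    """Build one constructed pcap record (zeroed MACs, checksums and sequence numbers)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0, src, dst)
    pkt = b"\x00" * 12 + b"\x08\x00" + ip + tcp
    return struct.pack("<IIII", 0, 0, len(pkt), len(pkt)) + pkt

# Constructed sample: port 40000 shows only the handshake, port 40001 also carries data.
C, S = socket.inet_aton("10.0.0.5"), socket.inet_aton("10.0.0.9")
SAMPLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join([
    _frame(C, S, 40000, 80, 0x02), _frame(S, C, 80, 40000, 0x12), _frame(C, S, 40000, 80, 0x10),
    _frame(C, S, 40001, 80, 0x02), _frame(S, C, 80, 40001, 0x12), _frame(C, S, 40001, 80, 0x10),
    _frame(C, S, 40001, 80, 0x18, b"GET / HTTP/1.0\r\n\r\n"), _frame(S, C, 80, 40001, 0x11),
])
```

An idle connection or a capture stopped early matches the same pattern, so treat a hit as a prompt to check the adapter's offload settings rather than as proof.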
