[Winpcap-users] Possible TOE / Chimney issue, packets not showing
up in Wireshark
Bryan Kadzban
bryan at kadzban.is-a-geek.net
Wed Dec 12 00:27:25 GMT 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
Bryan Mclellan wrote:
> I believe I have something similar to this:
> http://www.winpcap.org/pipermail/winpcap-users/2007-May/001837.html
If you're only seeing the SYN, SYN/ACK, ACK sequence and none of the
real data, then it's probably the TCP chimney offloading (junk) getting
in the way, yes. This is enabled by default with windows 2003 SP2.
MS has a KB article for how to turn it off:
http://support.microsoft.com/default.aspx?scid=kb;en-us;912222
although that article refers to the "scalable networking pack". But
that pack was included in SP2, and chimney-ing (or whatever you want to
call it) was turned on then as well, if you have an offload-capable NIC
and driver.
I'd recommend turning it off, especially if your server is only on a
gigabit (or smaller) link. If you ever have to do packet traces, it's
much more helpful to be able to see what your server is sending and
receiving.
> In the driver properties:
> Checksum Offload: None
> Large Send Offload: Disable
> Receive Side Scaling: Enable
RSS is part of the "scalable networking pack" above, as well. I'm not
sure if it prevents packets from being sent to NDIS protocol drivers,
though, so I don't know if it should be turned off or not...
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFHXyrtS5vET1Wea5wRAzHcAJ0dyETKLzVWYftbwWuQQSSEkTEjsQCdFBll
4dB0NaIPxaIPtIu8sx18Rxo=
=drEM
-----END PGP SIGNATURE-----
More information about the Winpcap-users
mailing list