[Winpcap-users] Possible TOE / Chimney issue -packets not
showing up in Wireshark (resolved)
bryanm at widemile.com
Wed Dec 12 00:52:41 GMT 2007
Yup, it's totally a Chimney issue. It's awesome that the driver says TOE is disabled but Chimney is the cause anyways. Perhaps chimney is more or something different than TOE?
1) I started a capture and display filtered for ldap.
2) When I saw a bindrequest, I followed the tcp stream and ever saw the full traffic.
3) I returned to the display filter of ldap
4) I ran 'Netsh int ip set chimney DISABLED' on the server (according to the above kb article this is the only part of the 'scalable networking pack' (which is integrated into SP2) which can be disabled without a reboot. Other parts require registry mods and a reboot.)
5) Then I'd start seeing more than just bindrequests, and if I followed the tcp stream on any of these, you'll see the full traffic.
Renabling chimney goes back to producing limited package results.
From: winpcap-users-bounces at winpcap.org [mailto:winpcap-users-bounces at winpcap.org] On Behalf Of Bryan Mclellan
Sent: Tuesday, December 11, 2007 3:07 PM
To: winpcap-users at winpcap.org
Subject: [Winpcap-users] Possible TOE / Chimney issue, packets not showing up in Wireshark
I believe I have something similar to this: http://www.winpcap.org/pipermail/winpcap-users/2007-May/001837.html
I was first trying to troubleshoot a problem with Offline Address Books not downloading on our Exchange server. When I ran wireshark on the Exchange server and my workstation(windows xp), I saw significantly less traffic on the server.
Today I was trying to troubleshoot and LDAP problem against a DC from a Multifunction Copier. Running wireshark on the server, I was only seeing the threeway handshake and then the ldap bind request. There were no FIN or RST sequences. When I hooked up to the SPAN port I saw the entire TCP stream.
The other user in the linked message above reported having a Broadcom BCM5708C chip. Maybe the drivers / new chimney code is causing shenanigans that aren't visible.
On a Dell Poweredge 1955, Windows Server 2003 R2 Enterprise x64, with SP2.
Network is Broadcom BCM5708S NetXtreme II GigE (NDIS VBD Client) (x2, only one being used, the other is enabled without an IP)
Driver: bxnd52a.sys version 126.96.36.199 4/3/2006
In the driver properties:
Checksum Offload: None
Large Send Offload: Disable
Receive Side Scaling: Enable
In "Broadcom Advanced Control Suite 2" the Advanced tab has the same options and values.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Winpcap-users