I was troubleshooting with a client and they noticed that the client was sending 6k frames and seeing a lot of TCP ack errors. They asked me to look into it.
I immediately recognized what was going on and explained that most current network interfaces support offloading. This is basically where the protocol driver offloads processing to the network controller.
So what does this have to do with Wireshark? If you have “send offloading” enabled, you would probably see large packets in your traces. What’s happening is that the application sent a block of data and Wireshark is seeing it before the network controller segments it.
I walk you through this in more detail in the following video.
No comments:
Post a Comment
thanks for the message