问题:
- wireshark抓包大于1500字节(如下图所示)
- wireshark抓包提示:[incorrect, should be xxxx (maybe caused by "TCP checksum offload"?)]
原因:
wireshark是在数据包经过cpu,送到网卡处理之前抓取的。现在操作系统上的网卡大多有一个功能,帮助cpu减轻负担,网卡承担了将segment分段和对数据包进行checksum的工作。
wireshark抓取的数据包还需要网卡进行下一步的分段和checksum,所以我们看到数据包有2000多字节。
解决办法:
disable操作系统网卡的large sender offload 和 check sum offload功能。
1. windows操作。在控制面板,网络连接,网卡属性,配置,高级设置,windows 10 截图如下:
- Linux操作。
查看:ethtool --show-offload ethX
+++++++++++++++++++++++++++++++++++++++++++++++
[[email protected] ~]# ethtool --show-offload ens33
Features for ens33:
rx-checksumming: off
tx-checksumming: on
tx-checksum-ipv4: off [fixed]
tx-checksum-ip-generic: on
tx-checksum-ipv6: off [fixed]
tx-checksum-fcoe-crc: off [fixed]
tx-checksum-sctp: off [fixed]
scatter-gather: on
tx-scatter-gather: on
tx-scatter-gather-fraglist: off [fixed]
tcp-segmentation-offload: on
tx-tcp-segmentation: on
tx-tcp-ecn-segmentation: off [fixed]
tx-tcp6-segmentation: off [fixed]
tx-tcp-mangleid-segmentation: off
+++++++++++++++++++++++++++++++++++++++++++++++
配置取消网卡分段功能: ethtool -K ens33 tso off+++++++++++++++++++++++++++++++++++++++++++++++
[[email protected] ~]# ethtool -K ens33 tso off
[[email protected] ~]# ethtool --show-offload ens33
Features for ens33:
rx-checksumming: off
tx-checksumming: on
tx-checksum-ipv4: off [fixed]
tx-checksum-ip-generic: on
tx-checksum-ipv6: off [fixed]
tx-checksum-fcoe-crc: off [fixed]
tx-checksum-sctp: off [fixed]
scatter-gather: on
tx-scatter-gather: on
tx-scatter-gather-fraglist: off [fixed]
tcp-segmentation-offload: off
tx-tcp-segmentation: off
tx-tcp-ecn-segmentation: off [fixed]
tx-tcp6-segmentation: off [fixed]
tx-tcp-mangleid-segmentation: off
+++++++++++++++++++++++++++++++++++++++++++++++
参考wireshark wiki : https://wiki.wireshark.org/CaptureSetup/Offloading
原文地址:http://blog.51cto.com/jsahz/2061719