A question about Wireshark?


A question about Wireshark?

#1

Post by syslight2020 » 2009-05-26 12:04

In Wireshark I see some lines shown in red or in black. What does that mean?
Red: 142 216.616214 119.75.213.51 xxx.xxx.xxx.xxx (my own IP address) TCP http > 43019 [RST] Seq=1 Win=0 Len=0
Black: 458 325.427255 222.73.18.185 xxx.xxx.xxx.xxx (my own IP address) TCP [TCP Dup ACK 457#1] http > 32837 [ACK] Seq=135 Ack=631 Win=7168 Len=0 TSV=3867790237 TSER=476893
When I cannot connect to Baidu, I see these. At other times the lines I see are green. The filter is udp, tcp, http.

Re: A question about Wireshark?

#2

Post by 佚之狐L » 2009-05-26 18:47

Sometimes outgoing TCP packets appear black with red Text and the TCP Checksum is marked as incorrect with the note [incorrect, should be xxxx (maybe caused by "TCP checksum offload"?)].

This is the case when your network adapter has the option called (TCP) Checksum Offload or similar, like newer Gigabit ethernet cards. When this option is enabled, the network adapter will calculate the checksum by itself, making the CPU not have to do this work. As Wireshark captures the packets before they get to the network adapter it won't see the correct checksum because it has not been calculated yet.

You can disable the option "Check the validity of the TCP checksum when possible" in the TCP dissector preferences if desired, so Wireshark won't check that any more.

If you are experiencing network problems and while trying to figure it out with Wireshark you found these checksum errors, you may have a network card with TCP checksum offload enabled and for some reason the packet is not being fixed by the adapter (NAT, bridge or route redirection is sending the packet to another interface). In this case, you may want to check and disable checksum offload for the adapter, if possible.

On Linux, this is done with the ethtool command.

To check:

Code:

ethtool --show-offload  ethX

To disable:

Code:

ethtool --offload  ethX  rx off  tx off

Or, with some 3Com cards (see 3c59x vortex docs):

Code:

rmmod 3c59x ; modprobe 3c59x hw_checksums=0
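Book in hand and sword at my side, I cross the yellow sands; the vast desert and the Tian Shan are home wherever I go.
The desert's west wind sets kingfisher feathers flying; in the eighth month, south of the river, I watch the osmanthus bloom.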
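
The checksum-offload effect described in the reply above, as an added example that is not part of the original post: it recomputes the TCP checksum over the IPv4 pseudo-header the way a dissector does, once for a segment as captured on the sending host and once as the adapter would put it on the wire. The addresses, ports and the 0x1234 placeholder left in the checksum field are constructed for illustration.

```python
import socket
import struct

def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum with end-around carry."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd-length data
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def tcp_checksum(src_ip: str, dst_ip: str, segment: bytes) -> int:
    """Correct checksum for a TCP segment carried over IPv4."""
    zeroed = segment[:16] + b"\x00\x00" + segment[18:]   # blank checksum field
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, socket.IPPROTO_TCP, len(segment)))
    return ~ones_complement_sum(pseudo + zeroed) & 0xFFFF

def check_segment(src_ip: str, dst_ip: str, segment: bytes):
    """Return (valid, value found in the field, value it should hold)."""
    found = struct.unpack("!H", segment[16:18])[0]
    expected = tcp_checksum(src_ip, dst_ip, segment)
    return found == expected, found, expected

def build_syn(checksum: int) -> bytes:
    """Constructed 20-byte SYN: port 43019 -> 80, seq 1000, window 7168."""
    return struct.pack("!HHIIBBHHH", 43019, 80, 1000, 0,
                       5 << 4, 0x02, 7168, checksum, 0)

SRC, DST = "192.0.2.10", "198.51.100.20"     # documentation addresses

# Captured on the sender with offload on: the field is not filled in yet.
AS_CAPTURED = build_syn(0x1234)              # constructed placeholder value
# What leaves the adapter once it has computed the checksum itself.
ON_WIRE = build_syn(tcp_checksum(SRC, DST, AS_CAPTURED))

if __name__ == "__main__":
    for label, seg in (("captured on sender", AS_CAPTURED), ("on the wire", ON_WIRE)):
        ok, found, expected = check_segment(SRC, DST, seg)
        verdict = "correct" if ok else "incorrect, should be 0x%04x" % expected
        print("%-19s checksum 0x%04x [%s]" % (label, found, verdict))
```

A capture taken on the receiving side, or on a mirror port, sees the second form, so checksum errors that appear only in sender-side captures point at offload rather than at corruption on the network.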

Re: A question about Wireshark?

#3

Post by syslight2020 » 2009-05-28 13:40

thank you for your respond

Re: A question about Wireshark?

#4

Post by tenzu » 2009-05-28 13:52

syslight2020 wrote: thank you for your respond
It ought to be a noun after "your", therefore "response" is correct.

I prefer "reply".

Re: A question about Wireshark?

#5

Post by tyeken8 » 2009-05-29 9:58

tenzu wrote:
syslight2020 wrote: thank you for your respond
It ought to be a noun after "your", therefore "response" is correct.

I prefer "reply".
response?

Re: A question about Wireshark?

#6

Post by syslight2020 » 2009-05-31 17:47

ha ha.........careless