User profile for user: AyazMamud
AyazMamud Author
User level: Level 1
4 points

Wireshark : How to capture full Ethernet (link layer) header

I'm doing some research on network traffic analysis with Wireshark. Machine: Macbook Pro, Ventura 13.3.1(a). In Wireshark, I want to check the Ethernet (Data Link layer) headers. I have captured the trace (snapshot as below).


According to the OSI model, the Ethernet layer should have the following headers [Preamble, Dst MAC, Src MAC, Type, Data, FCS]. I am interested to check the FCS value. Unfortunately, I am unable to see this in Wireshark. It seems the NIC is dropping any bad FCS (not passing to Wireshark). Is there any way that I can force NIC to pass bad FCS to Wireshark for analysis?


Thank you,

Ayaz

MacBook Pro 13″, macOS 11.6

Posted on Jul 21, 2023 4:51 PM

Reply

Similar questions

1 reply
Sort By: 
User profile for user: MrHoffman
MrHoffman
Community+ 2025
User level: Level 10
133,569 points

Jul 21, 2023 5:10 PM in response to AyazMamud

I don’t know of a way to do that.


I would not expect a NIC to present a bad packet up to the host.


That processing is part of CSMA/CD, and happens in the NIC.


macOS does have a packet trace mode: Recording a Packet Trace | Apple Developer Documentation


When I have needed something similar, mirroring a switch port has worked well.


Maybe ask the folks that maintain the Wireshark app if they know of a way to do this? (Please let us know, too.)

Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

Wireshark : How to capture full Ethernet (link layer) header

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up