你有没有曾经遇到一个问题, 在这个问题里你试图去trouble shoot网络连接的问题, 但是在抓取网络包的工具中仅仅只看到三次握手? 如果你使用Netmon 2.x, Netmon 3.x, Wireshark, Ethereal 和其他大多数的网络抓包工具的时候, 这都会出现.
这是一个相对的常识, 当TCP Chimney offload开启的时候这样的情况会发生, 但是通过注册表或者netsh关掉之后并总是会解决问题. TCP Chimney offload 允许TCP/IP的处理被转移到可以硬件处理TCP/IP的网络适配器上. TCP Chimney Offload的使用导致了网络通讯被转移到了我们使用的大多数的抓包工具监听的TCP/IP栈的更底层.
对这类问题初始的排错步骤就是通过Netsh关掉TCP Chimney Offload, 步骤如下, 这样做的好处是不需要重启机器.
使用Netsh.exe工具来关闭TCP Chimney by using the Netsh.exe tool:
- Click Start, click Run, type cmd, and then click OK.
- At the command prompt, type “Netsh int ip set chimney DISABLED” and then press ENTER.
然而, 这并不能改变在抓包工具中的显示的数据, 你应当继续, 关闭所有Scalable Network Pack 的特性, 详见Knowledge Base article 948496, 或者http://support.microsoft.com/kb/2570111
手动关闭RSS, NetDMA and TCP Offload, 步骤如下:
- Click Start , click Run , type regedit , and then click OK .
- Locate the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
- Right-click EnableTCPChimney , and then click Modify.
- In the Value data box, type 0, and then click OK.
- Right-click EnableRSS, and then click Modify.
- In the Value data box, type 0, and then click OK.
- Right-click EnableTCPA, and then click Modify.
- In the Value data box, type 0, and then click OK.
- Exit Registry Editor, and then restart the computer.
Disabling Chimney with netsh and changed the registry values above will allow you to see all the traffic in most cases but not always. You may also need to look at the features related to TCP Chimney offload available on the Network card. To access these options, choose the configure button on the general tab of the adapters properties. This will bring up a Window similar to what is displayed below. The Advanced tab is where the changes will be made.
![image_c1ccbabf-472b-426f-b882-d0984d540298[1]](https://images.cnblogs.com/cnblogs_com/awpatp/WindowsLiveWriter/networktrafficTCPChimneyoffload_14B98/image_c1ccbabf-472b-426f-b882-d0984d540298%5B1%5D_07aaf4c4-def7-4d39-a2f6-89b3607c6434.png "image_c1ccbabf-472b-426f-b882-d0984d540298[1]")
The configurable options available vary depending on how the vendor implements the driver for Windows. Many network cards have features including Receive Side Scaling, TCP Checksum Offload and TCP Large Send Offload. Disabling the offload features of the network card will allow you to view all of the traffic in many cases where disabling the scalable network pack features in the OS doesn’t work. You should refer to the vendor’s documentation for specific steps on how to disable these features.
As a last resort you may have to disable chimney from a hardware perspective. Refer to the vendor’s documentation for specific information on how to disable offload features. Possible ways to do this vary, and may include settings on the NIC, jumpers on the motherboard, and/or configuration in System BIOS.
The effect of TCP Chimney offload on viewing network traffic