I setup a packet capture, headed to my desktop running wireshark. A wireless client is running an automated test against an access point. It first pings a server, then downloads a file via HTTP. In my packet capture, I see the client associate to the network, get a DHCP lease, and ping the server. All as expected. But when the HTTP transfer starts, I only see a stream of TCP ACK's from the client back to the server. I don't see any data packets. Wireshark reports them as "TCP ACKed unseen segment", which makes sense.
I'm suspecting it's an issue with packets larger than a certain size. Suspecting it was an issue with jumbo frames, I configured a port mirror on the AP's switch (with MTU = 9216), grabbed the UDP/5555 traffic there, and loaded it into wireshark. Same problem. So I don't think
Are there known issues with large frames in a packet capture?
Thanks!
Norman