1. How Can I Capture Packets With CRC Errors?

Answer: Wireshark can capture only the packets that the packet capture library – libpcap on UNIX-flavored OSes, and the WinPcap port to Windows of libpcap on Windows – can capture, and libpcap/WinPcap can capture only the packets that the OS’s raw packet capture mechanism (or the WinPcap driver, and the underlying OS networking code and network interface drivers, on Windows) will allow it to capture.

Unless the OS always supplies packets with errors such as invalid CRCs to the raw packet capture mechanism, or can be configured to do so, Wireshark – and other programs that capture raw packets, such as tcpdump – cannot capture those packets. You will have to determine whether your OS needs to be so configured and, if so, whether it can be so configured; configure it if that is necessary and possible; and make whatever changes to libpcap and the packet capture program you’re using are necessary, if any, to support capturing those packets.

Most OSes probably do not support capturing packets with invalid CRCs on Ethernet, and probably do not support it on most other link-layer types. Some drivers on some OSes do support it, such as some Ethernet drivers on FreeBSD; in those OSes, you might always get those packets, or you might only get them if you capture in promiscuous mode (you’d have to determine which is the case).

Note that libpcap does not currently give the programs that use it an indication of whether a packet’s CRC was invalid, because the drivers themselves do not supply that information to the raw packet capture mechanism. Wireshark therefore will not indicate which packets had CRC errors unless the FCS was captured (see the next question) and you’re using Wireshark 0.9.15 or later, in which case Wireshark will check the CRC and indicate whether it’s correct or not.
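The FCS check described above can be reproduced offline on a saved capture. The following is an added example, not code from Wireshark or libpcap: it assumes a classic little-endian pcap file with Ethernet link type in which the driver delivered the 4-byte FCS, and the sample frames are constructed inline.

```python
import struct
import zlib

PCAP_MAGIC_LE = 0xA1B2C3D4   # classic pcap, little-endian, microsecond timestamps
LINKTYPE_ETHERNET = 1

def ethernet_fcs(frame_without_fcs: bytes) -> bytes:
    # IEEE 802.3 FCS is CRC-32; its 4 bytes appear in a capture as the
    # little-endian encoding of zlib.crc32() over the rest of the frame.
    return struct.pack("<I", zlib.crc32(frame_without_fcs) & 0xFFFFFFFF)

def check_frame(captured: bytes, wire_len: int) -> str:
    if len(captured) < wire_len:
        return "truncated"            # snaplen cut the tail, FCS not available
    if len(captured) < 18:
        return "too-short"            # 14-byte header plus 4-byte FCS minimum
    body, trailer = captured[:-4], captured[-4:]
    # A mismatch alone cannot tell a damaged frame from one captured without FCS.
    return "fcs-ok" if ethernet_fcs(body) == trailer else "fcs-bad-or-absent"

def scan_pcap(data: bytes) -> list:
    magic, _, _, _, _, _, linktype = struct.unpack_from("<IHHiIII", data, 0)
    if magic != PCAP_MAGIC_LE or linktype != LINKTYPE_ETHERNET:
        raise ValueError("expected little-endian classic pcap with Ethernet frames")
    results, off = [], 24
    while off + 16 <= len(data):
        _, _, incl_len, orig_len = struct.unpack_from("<IIII", data, off)
        off += 16
        results.append(check_frame(data[off:off + incl_len], orig_len))
        off += incl_len
    return results

def build_sample_pcap() -> bytes:
    # Constructed test data: good FCS, one flipped payload bit, truncated frame.
    body = bytes.fromhex("ffffffffffff" "020000000001" "0800") + bytes(46)
    good = body + ethernet_fcs(body)
    damaged = bytearray(good)
    damaged[20] ^= 0x01
    out = struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for frame, incl in ((good, len(good)), (bytes(damaged), len(good)), (good, 32)):
        out += struct.pack("<IIII", 0, 0, incl, len(frame)) + frame[:incl]
    return out

if __name__ == "__main__":
    for i, verdict in enumerate(scan_pcap(build_sample_pcap()), 1):
        print(f"frame {i}: {verdict}")
```

If every frame in a real capture reports `fcs-bad-or-absent`, the likelier explanation is that the driver stripped the FCS before handing frames to the capture mechanism, which is the common case the answer describes.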