Wireshark

  • Riverbed Technology
  • WinPcap
the world's foremost network protocol analyzer
  • Wireshark
    • About
    • Download
    • Blog
  • Get Help
    • Ask a Question
    • FAQs
    • Documentation
    • Mailing Lists
    • Online Tools
    • Wiki
    • Bug Tracker
  • Develop
    • Get Involved
    • Developer's Guide
    • Browse the Code
    • Latest Builds

Wireshark-users: Re: [Wireshark-users] Strangest thing ever !!! Captures only TCP SYN handshake negotiation and not any data ?!?

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next


From: "Luis Ontanon" <luis.ontanon@xxxxxxxxx>
Date: Thu, 3 May 2007 14:01:04 +0200

Jumbo frames?


On 5/3/07, Free Prefix <free.prefix@xxxxxxxxx> wrote:

Hello All,

Recently I have encountered a very strange phenomenon happens on one
of our new servers.

Server details:
IBM XSeries_3550, Intel Xeon CPU 5130 @ 2 ghz
Network Card: Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client)
WinPCap 4
Wireshark: 0.99.5

When sniffing network traffic with Wireshark, I can see only the TCP
3-way handshake captured but not the traffic itself afterwards. This
happens using any winsock application including Internet explorer and
such , see attached: Browsing_through_iexplore.cap
The most bizarre thing is that if I am doing "telnet" to the same web
server and passing data through the connection I can indeed see the
traffic, see: Browsing_through_telnet.cap

I thought at first it could be a running Antivirus application or such
that at some level captures the network traffic to analyze viruses
before it reaches winpcap but I doubt it because no such application
exist on the server.

I think the problem got more to do with WinPCap but still if someone
has a clue that would be great :)

Any thoughts around this ?

_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users






--
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan
  • Follow-Ups:
    • Re: [Wireshark-users] Strangest thing ever !!! Captures only TCP SYN handshake negotiation and not any data ?!?
      • From: Free Prefix
  • References:
    • [Wireshark-users] Strangest thing ever !!! Captures only TCP SYN handshake negotiation and not any data ?!?
      • From: Free Prefix
  • Prev by Date: [Wireshark-users] Strangest thing ever !!! Captures only TCP SYN handshake negotiation and not any data ?!?
  • Next by Date: Re: [Wireshark-users] Strangest thing ever !!! Captures only TCP SYN handshake negotiation and not any data ?!?
  • Previous by thread: [Wireshark-users] Strangest thing ever !!! Captures only TCP SYN handshake negotiation and not any data ?!?
  • Next by thread: Re: [Wireshark-users] Strangest thing ever !!! Captures only TCP SYN handshake negotiation and not any data ?!?
  • Index(es):
    • Date
    • Thread

Wireshark and the "fin" logo are registered trademarks of the Wireshark Foundation