Wireshark-users: Re: [Wireshark-users] Strangest thing ever !!! Captures only TCP SYN handshake negotiation and not any data ?!?


From: "Free Prefix" <free.prefix@xxxxxxxxx>
Date: Thu, 3 May 2007 14:06:50 +0200

Jumbo MTU is set to 1500 on the card if that helps ...

On 5/3/07, Luis Ontanon <luis.ontanon@xxxxxxxxx> wrote:
Jumbo frames?


On 5/3/07, Free Prefix <free.prefix@xxxxxxxxx> wrote:
> Hello All,
>
> Recently I have encountered a very strange phenomenon that happens on one
> of our new servers.
>
> Server details:
> IBM XSeries_3550, Intel Xeon CPU 5130 @ 2 GHz
> Network Card: Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client)
> WinPCap 4
> Wireshark: 0.99.5
>
> When sniffing network traffic with Wireshark, I can see only the TCP
> 3-way handshake captured but not the traffic itself afterwards. This
> happens using any winsock application including Internet Explorer and
> such, see attached: Browsing_through_iexplore.cap
> The most bizarre thing is that if I am doing "telnet" to the same web
> server and passing data through the connection I can indeed see the
> traffic, see: Browsing_through_telnet.cap
>
> I thought at first it could be a running Antivirus application or such
> that at some level captures the network traffic to analyze viruses
> before it reaches winpcap but I doubt it because no such application
> exists on the server.
>
> I think the problem has more to do with WinPCap but still if someone
> has a clue that would be great :)
>
> Any thoughts around this?
>
> _______________________________________________
> Wireshark-users mailing list
> Wireshark-users@xxxxxxxxxxxxx
> http://www.wireshark.org/mailman/listinfo/wireshark-users
>
>
>


--
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan