Wireshark-users: Re: [Wireshark-users] Windows leaking packets that Wireshark doesn't detect!

From: Joerg Mayer <jmayer@xxxxxxxxx>
Date: Mon, 18 Jun 2007 17:39:07 +0200

On Sun, Jun 17, 2007 at 12:09:55PM +0800, Surg Junk wrote:
> A few days ago I noticed on the status page of my wireless connection that I
> was constantly sending packets, far more packets than I was receiving.
> Believing this to be suspicious I ran virus and spyware scans, disabled any
> unnecessary services, ended any process I knew I didn't require but still
> couldn't trace the cause of the leaky packets.
> 
> I then used wireshark thinking this would definitely lead me to the source
> of the packets but having ran the scan a number of times, it doesn't produce
> any results. That's not to say wireshark isn't working. If I start up
> internet explorer or irc, wireshark immediately captures and displays the
> packets but if I just have wireshark capturing and nothing else running, I
> can see the sent packets going up on the wireless connection status page but
> nothing is captured.

On windows, wireshark has problems capturing on wireless interfaces.
Maybe that is the problem. Please see
http://wiki.wireshark.org/CaptureSetup and then check the wireless
link on that page.

 ciao
      Joerg
-- 
Joerg Mayer                                           <jmayer@xxxxxxxxx>
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.