Wireshark

  • Riverbed Technology
  • WinPcap
the world's foremost network protocol analyzer
  • Wireshark
    • About
    • Download
    • Blog
  • Get Help
    • Ask a Question
    • FAQs
    • Documentation
    • Mailing Lists
    • Online Tools
    • Wiki
    • Bug Tracker
  • Develop
    • Get Involved
    • Developer's Guide
    • Browse the Code
    • Latest Builds

Wireshark-users: Re: [Wireshark-users] Windows leaking packets that Wiresharkdoesn't detect!

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next


From: "Gianluca Varenni" <gianluca.varenni@xxxxxxxxxxxx>
Date: Mon, 18 Jun 2007 13:26:20 -0700
----- Original Message ----- From: "Joerg Mayer" <jmayer@xxxxxxxxx> 
To: "Community support list for Wireshark" <wireshark-users@xxxxxxxxxxxxx>
Sent: Monday, June 18, 2007 8:39 AM
Subject: Re: [Wireshark-users] Windows leaking packets that Wiresharkdoesn't detect! 



On Sun, Jun 17, 2007 at 12:09:55PM +0800, Surg Junk wrote:
A few days ago I noticed on the status page of my wireless connection that I 
was constantly sending packets, far more packets than I was receiving.
Believing this to be suspicious I ran virus and spyware scans, disabled any 
unnecessary services, ended any process I knew I didn't require but still
couldn't trace the cause of the leaky packets.
I then used wireshark thinking this would definitely lead me to the source of the packets but having ran the scan a number of times, it doesn't produce 
any results. That's not to say wireshark isn't working. If I start up
internet explorer or irc, wireshark immediately captures and displays the
packets but if I just have wireshark capturing and nothing else running, I can see the sent packets going up on the wireless connection status page but 
nothing is captured.


On windows, wireshark has problems capturing on wireless interfaces.
Maybe that is the problem. Please see
http://wiki.wireshark.org/CaptureSetup and then check the wireless
link on that page.
Well, if the user is able to capture packets sent by his browser, that might be something else. One of the things that could cause such issues is NDIS Intermediate drivers. WinPcap sits on top of them, so if you have some IM driver generating traffic on its own, WinPcap won't see it, but the statistics of your network card would probably increase. 

Just my two cents
GV







ciao
     Joerg
--
Joerg Mayer                                           <jmayer@xxxxxxxxx>
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.
_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users
  • References:
    • [Wireshark-users] Windows leaking packets that Wireshark doesn't detect!
      • From: Surg Junk
    • Re: [Wireshark-users] Windows leaking packets that Wireshark doesn't detect!
      • From: Joerg Mayer
  • Prev by Date: Re: [Wireshark-users] Windows leaking packets that Wireshark doesn't detect!
  • Next by Date: Re: [Wireshark-users] Dissector and Packets Bytes Pane
  • Previous by thread: Re: [Wireshark-users] Windows leaking packets that Wireshark doesn't detect!
  • Next by thread: [Wireshark-users] GUI vs CMD mode
  • Index(es):
    • Date
    • Thread

Wireshark and the "fin" logo are registered trademarks of the Wireshark Foundation