Wireshark
the world's foremost network protocol analyzer
Wireshark-users: [Wireshark-users] Wireshark only capturing TCP handshake
From: John Temples <wireshark@xxxxxxxxx>
Date: Tue, 4 Mar 2008 10:57:38 -0800 (PST)
I'm trying to capture some incoming HTTP connections with Wireshark 0.99.8 on a Windows Server 2003 system. The only thing Wireshark captures is the three packets in the three-way handshake of the TCP connection; no other packets related to the connection are captured. However, the connection completes successfully. No capture filter is active in Wireshark. When running Wireshark on the PC that originates the connection, the entire transaction is successfully captured on the originating PC. When the connection originates from a PC on the same LAN as the Windows 2003 Server system, Wireshark on the Windows 2003 Server system successfully captures the entire transaction. The problem only occurs when the connection originates from the Internet. The LAN in question has a SonicWALL firewall with no special configuration. What could cause Wireshark not to see the entire connection? -- John W. Temples, III
- Follow-Ups:
- Re: [Wireshark-users] Wireshark only capturing TCP handshake
- From: Jaap Keuter
- Re: [Wireshark-users] Wireshark only capturing TCP handshake
- From: Hansang Bae
- Re: [Wireshark-users] Wireshark only capturing TCP handshake
- Prev by Date: Re: [Wireshark-users] tShark SSL Decryption Issue
- Next by Date: Re: [Wireshark-users] Wireshark only capturing TCP handshake
- Previous by thread: Re: [Wireshark-users] wimax question
- Next by thread: Re: [Wireshark-users] Wireshark only capturing TCP handshake
- Index(es):