Wireshark-users: Re: [Wireshark-users] Question



From: "Gianluca Varenni" <gianluca.varenni@xxxxxxxxxxxx>
Date: Wed, 4 Mar 2009 09:27:14 -0800

It's possible that your network card is doing TCP offloading (TCP chimney). In that case you will see only connection establishment packets, but not the data packets. In that case the only workaround is to disable TCP offloading (I think it's a property of the network card) to capture such packets.
 
Hope it helps
GV
----- Original Message -----
From: Dani Avni
To: wireshark-users@xxxxxxxxxxxxx
Sent: Tuesday, March 03, 2009 4:18 AM
Subject: [Wireshark-users] Question

We have a Windows 2003 server that has been security hardened by another company. To debug some HTTP traffic going to IIS on that server we installed Wireshark on the server. When running Wireshark we do see SYN, ACK and other packets going between the clients and the server but we do not see any data. After asking the company who hardened the server to remove their settings (we are still trying to get a list of all their settings), suddenly we do see data on the captured packets. Does anyone have any idea what Windows setting does that?

 

Thanks

Dani Avni

