Jumbo frames?
On 5/3/07, Free Prefix <free.prefix@xxxxxxxxx> wrote:
Hello All,
Recently I have encountered a very strange phenomenon happens on one
of our new servers.
Server details:
IBM XSeries_3550, Intel Xeon CPU 5130 @ 2 ghz
Network Card: Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client)
WinPCap 4
Wireshark: 0.99.5
When sniffing network traffic with Wireshark, I can see only the TCP
3-way handshake captured but not the traffic itself afterwards. This
happens using any winsock application including Internet explorer and
such , see attached: Browsing_through_iexplore.cap
The most bizarre thing is that if I am doing "telnet" to the same web
server and passing data through the connection I can indeed see the
traffic, see: Browsing_through_telnet.cap
I thought at first it could be a running Antivirus application or such
that at some level captures the network traffic to analyze viruses
before it reaches winpcap but I doubt it because no such application
exist on the server.
I think the problem got more to do with WinPCap but still if someone
has a clue that would be great :)
Any thoughts around this ?
_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users
--
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan
