OK. I have installed 4.1.1 and checked to see if the 'vanishing
interface' problem still happened. Yes, it does. But I don't think
that it is largely a Winpcap problem. I think that I have figured out
what is happening...
My machine has a proxy front end. After the key exchange, the
TCP/HTTP protocol traffic is forwarded and becomes SSH protocol
traffic. What I think is happening is that the WAN people are running
multiple DNS queries. One in the beginning and others later. Since
the first query produces an IP before I log onto my proxy and the
subsequent query produces a different (yet consistent) IP, they are
dropping the connection. My proxy is trying to rebound and do another
key exchange, etc. but ultimately, the proxy crashes. Often when this
happens, I have to restart everything. This is the scenario that I
believe is largely causing the interface to disappear. The ungraceful
exits. I believe the problem lies with the extra WAN DNS checks.
I also believe that these WAN activities are causing some malformed
packets as well.
Thanks again
On 5/24/10, M K <gedropi@xxxxxxxxx> wrote:
> Don't know. I will try and get back with you. thanks
>
> On 5/24/10, Gianluca Varenni <gianluca.varenni@xxxxxxxxxxxx> wrote:
>> Does 4.1.1 show the same issue?
>>
>> GV
>>
>> --------------------------------------------------
>> From: "M K" <gedropi@xxxxxxxxx>
>> Sent: Monday, May 24, 2010 11:38 AM
>> To: "Community support list for Wireshark"
>> <wireshark-users@xxxxxxxxxxxxx>
>> Subject: Re: [Wireshark-users] Vanishing interface
>>
>>> Typo. 4.0.2 Sorry
>>> On 5/24/10, Gianluca Varenni <gianluca.varenni@xxxxxxxxxxxx> wrote:
>>>> There is no WinPcap 4.2. The latest version is 4.1.1.
>>>>
>>>> Have a nice day
>>>> GV
>>>>
>>>> --------------------------------------------------
>>>> From: "M K" <gedropi@xxxxxxxxx>
>>>> Sent: Monday, May 24, 2010 8:57 AM
>>>> To: "Community support list for Wireshark"
>>>> <wireshark-users@xxxxxxxxxxxxx>
>>>> Subject: Re: [Wireshark-users] Vanishing interface
>>>>
>>>>> I am using 4.2. Yes, it has happened again but this time I was able
>>>>> to get it back without waiting until the next day. Thanks
>>>>>
>>>>> On 5/24/10, Gianluca Varenni <gianluca.varenni@xxxxxxxxxxxx> wrote:
>>>>>> This is most probably a WinPcap issue, and not a Wireshark one.
>>>>>>
>>>>>> Which version of WinPcap are you using?
>>>>>> When you encounter the issue, can you please report a bug as
>>>>>> explained
>>>>>> here:
>>>>>>
>>>>>> http://www.winpcap.org/bugs.htm
>>>>>>
>>>>>> Have a nice day
>>>>>> GV
>>>>>>
>>>>>>
>>>>>> --------------------------------------------------
>>>>>> From: "M K" <gedropi@xxxxxxxxx>
>>>>>> Sent: Sunday, May 23, 2010 9:22 AM
>>>>>> To: "Community support list for Wireshark"
>>>>>> <wireshark-users@xxxxxxxxxxxxx>
>>>>>> Subject: [Wireshark-users] Vanishing interface
>>>>>>
>>>>>>> Currently I am using this low-end machine (Windows 2000 OEM, dial
>>>>>>> up)
>>>>>>> for passive monitoring to debug application, firewall, security and
>>>>>>> LAN issues via the generic adaptor & the WAN (PPP/SLIP) interfaces
>>>>>>> working in tandem. This has worked very well. Or, at least, until
>>>>>>> yesterday.
>>>>>>>
>>>>>>> Yesterday, somehow I lost the WAN (PPP/SLIP) interface. Without
>>>>>>> that
>>>>>>> interface, there was no capturing - unless one performs the
>>>>>>> installation of the virtual loopback adapter.
>>>>>>>
>>>>>>> Here is what I did. When the WAN interface vanished yesterday, I
>>>>>>> attempted to restart the box and then log on with WS. No Wan
>>>>>>> interface. Today I booted up and again started up WS. Today both
>>>>>>> interfaces were back.
>>>>>>>
>>>>>>> Here's my question: Why did I loose the interface in the first
>>>>>>> place?
>>>>>>> Since this interface originates from the WAN (for which I have no
>>>>>>> visibility) could this be a DCHP lease issue or an ACL issue or ?
>>>>>>>
>>>>>>> Many thanks.
>>>>>>> ___________________________________________________________________________
>>>>>>> Sent via: Wireshark-users mailing list
>>>>>>> <wireshark-users@xxxxxxxxxxxxx>
>>>>>>> Archives: http://www.wireshark.org/lists/wireshark-users
>>>>>>> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>>>>>>>
>>>>>>> mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
>>>>>>
>>>>>> ___________________________________________________________________________
>>>>>> Sent via: Wireshark-users mailing list
>>>>>> <wireshark-users@xxxxxxxxxxxxx>
>>>>>> Archives: http://www.wireshark.org/lists/wireshark-users
>>>>>> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>>>>>>
>>>>>> mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
>>>>>>
>>>>> ___________________________________________________________________________
>>>>> Sent via: Wireshark-users mailing list
>>>>> <wireshark-users@xxxxxxxxxxxxx>
>>>>> Archives: http://www.wireshark.org/lists/wireshark-users
>>>>> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>>>>>
>>>>> mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
>>>>
>>>> ___________________________________________________________________________
>>>> Sent via: Wireshark-users mailing list
>>>> <wireshark-users@xxxxxxxxxxxxx>
>>>> Archives: http://www.wireshark.org/lists/wireshark-users
>>>> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>>>>
>>>> mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
>>>>
>>> ___________________________________________________________________________
>>> Sent via: Wireshark-users mailing list
>>> <wireshark-users@xxxxxxxxxxxxx>
>>> Archives: http://www.wireshark.org/lists/wireshark-users
>>> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>>>
>>> mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
>>
>> ___________________________________________________________________________
>> Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
>> Archives: http://www.wireshark.org/lists/wireshark-users
>> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>>
>> mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
>>
>
