
Wireshark-users: Re: [Wireshark-users] Question about Wireshark and the Windows Firewall

Date: Fri, 2 Mar 2012 13:29:31 +0000

WinPcap is what grabs the packets for Wireshark, and it does see traffic before it's evaluated by the Windows Firewall. If you are concerned about the firewall eating the traffic, try turning it off and testing. Some endpoint protection products can also eat network traffic; if you have anything like that loaded, you might want to look at its logs / config.

Hope that helps

tim

From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of David Aldrich
Sent: Friday, March 02, 2012 3:21 AM
To: wireshark-users@xxxxxxxxxxxxx
Subject: [Wireshark-users] Question about Wireshark and the Windows Firewall

Hi

We have written a 32-bit console application using Visual C++ Express 2008 that receives UDP packets on port 30000 from another (non-Windows) machine. When running on Windows XP our app receives the packets, but when running on Windows 7 it does not. I have configured Windows Firewall to open ports 30000-30002 to our application, so the packets should not be blocked.

Wireshark shows that the packets are indeed arriving at the PC.  What I am not sure of is whether they are getting through the firewall.  On what side of the firewall does Wireshark snoop?  If the packets are listed on Wireshark does it mean that they have got through the firewall?

Any suggestions or answers would be appreciated.

Best regards

David
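Because the capture driver sees packets before the firewall evaluates them, a Wireshark hit alone does not show delivery to the application. The following probe is an added example, not part of the original thread or of the poster's application: it binds UDP ports 30000-30002 and reports which ports actually receive datagrams at the socket layer, for comparison against the capture. The function names and the 10-second default window are assumptions made for illustration.

```python
import select
import socket
import sys
import time

PORTS = (30000, 30001, 30002)  # the range opened in the firewall, per the question


def open_listeners(ports, host="0.0.0.0"):
    """Bind one non-blocking UDP socket per port (bind fails if the port is already owned)."""
    socks = []
    for port in ports:
        s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        try:
            s.bind((host, port))
        except OSError:
            s.close()
            for other in socks:
                other.close()
            raise
        s.setblocking(False)
        socks.append(s)
    return socks


def collect(socks, seconds):
    """Return {local_port: [(source_ip, source_port, length), ...]} seen within the window."""
    seen = {s.getsockname()[1]: [] for s in socks}
    deadline = time.monotonic() + seconds
    while True:
        remaining = deadline - time.monotonic()
        if remaining <= 0:
            break
        readable, _, _ = select.select(socks, [], [], remaining)
        for s in readable:
            try:
                data, (ip, sport) = s.recvfrom(65535)
            except OSError:
                continue  # transient socket error (e.g. an ICMP error surfaced on Windows)
            seen[s.getsockname()[1]].append((ip, sport, len(data)))
    return seen


if __name__ == "__main__":
    window = float(sys.argv[1]) if len(sys.argv) > 1 else 10.0
    listeners = open_listeners(PORTS)
    for port, hits in sorted(collect(listeners, window).items()):
        verdict = "delivered to socket" if hits else "nothing reached the socket"
        print(f"udp/{port}: {len(hits)} datagram(s), {verdict}")
```

Run it with the real application stopped so the ports are free; packets that appear in Wireshark but not in this output were dropped somewhere between the capture driver and the socket, which is where the firewall and endpoint protection products sit.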