
Wireshark-dev: Re: [Wireshark-dev] Strangest thing ever !!! Captures only TCP 3-way handshake n

From: Jeff Morriss <jeff.morriss@xxxxxxxxxxx>
Date: Thu, 10 May 2007 15:19:53 +0800


Free Prefix wrote:
[...]
When sniffing network traffic with Wireshark, I can see only the TCP
3-way handshake captured but not the traffic itself afterwards. This
happens using any Winsock application including Internet Explorer and
such, see attached: Browsing_through_iexplore.cap
The most bizarre thing is that if I am doing "telnet" to the same web
server and passing data through the connection I can indeed see the
traffic, see: Browsing_through_telnet.cap

I thought at first it could be a running Antivirus application or such
that at some level captures the network traffic to analyze viruses
before it reaches WinPcap but I doubt it because no such application
exists on the server.

I wouldn't worry about AntiVirus software but rather VPN software. Any of that installed?