Wireshark-users: Re: [Wireshark-users] Strangest thing ever !!! Captures only TCP SYN handshake n

From: "Free Prefix" <free.prefix@xxxxxxxxx>
Date: Thu, 3 May 2007 14:06:50 +0200
Jumbo MTU is set to 1500 on the card if that helps ...

On 5/3/07, Luis Ontanon <luis.ontanon@xxxxxxxxx> wrote:
Jumbo frames?


On 5/3/07, Free Prefix <free.prefix@xxxxxxxxx> wrote:
> Hello All,
>
> Recently I have encountered a very strange phenomenon happens on one
> of our new servers.
>
> Server details:
> IBM XSeries_3550, Intel Xeon CPU 5130 @ 2 ghz
> Network Card: Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client)
> WinPCap 4
> Wireshark: 0.99.5
>
> When sniffing network traffic with Wireshark, I can see only the TCP
> 3-way handshake captured but not the traffic itself afterwards. This
> happens using any winsock application including Internet explorer and
> such , see attached: Browsing_through_iexplore.cap
> The most bizarre thing is that if I am doing "telnet" to the same web
> server and passing data through the connection I can indeed see the
> traffic, see: Browsing_through_telnet.cap
>
> I thought at first it could be a running Antivirus application or such
> that at some level captures the network traffic to analyze viruses
> before it reaches winpcap but I doubt it because no such application
> exist on the server.
>
> I think the problem got more to do with WinPCap but still if someone
> has a clue that would be great :)
>
> Any thoughts around this ?
>
> _______________________________________________
> Wireshark-users mailing list
> Wireshark-users@xxxxxxxxxxxxx
> http://www.wireshark.org/mailman/listinfo/wireshark-users
>
>
>


--
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan
_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users