Digging some more, I think it might be a WinPcap problem. If I'm
reading it right, WinPcap might have problems with NDIS network
drivers. My 64-bit servers in question are trying to sniff on a
Broadcom L2 NDIS network adapter. So far my 32-bit servers that I've
tested with have been Intel Pro 100s, so I don't have a 32-bit server
with an NDIS driver to test yet.
Thanks,
Scott
On 8/27/07, Scott Moseman <scmoseman@xxxxxxxxx> wrote:
>
> When I run 'dir //remote_server/c$' from a 64-bit Windows 2003 Server,
> I see the handshake packets but -not- any of the data packets
> afterwards. If I run it from a 32-bit Windows 2003 Server, I see all
> of the TCP and SMB traffic that comes after the handshake. Wireshark
> 0.99.6a is installed on all machines tested. Is there an
> incompatibility running it on 64-bit Windows? Any ideas how I collect
> packets on our 64-bit Windows servers?
>
> Thanks,
> Scott
>