Wireshark-users: Re: [Wireshark-users] [Winpcap-bugs] RE: Starting Wireshark CaptureBlocksNetwork

From: "Gianluca Varenni" <gianluca.varenni@xxxxxxxxxxxx>
Date: Tue, 13 Nov 2007 08:29:38 -0800
Joe,
 
unfortunately, there is no easy solution to the problem. Several VPN clients use a mix of layers to tunnel the traffic (a lot of them use a virtual network miniport and an intermediate driver). WinPcap sits on top of this stack, and quite frequently cannot capture all the traffic going on such virtual interfaces, or rather even block the traffic. This behavior is still not clear to us (and it doesn't seem to be documented anywhere in the Microsoft documentation). 
 
I hate to say that: unfortunately WinPcap does not support such VPN client.
 
Have a nice day
GV
 
----- Original Message -----
Sent: Tuesday, November 13, 2007 7:00 AM
Subject: [Winpcap-bugs] RE: [Wireshark-users] Starting Wireshark CaptureBlocksNetworkTraffic

You're definitely right about it being WinPCap... I get the same result when simply running windump on that interface..  My situation is a little different than the gentleman's that started this thread..
 
1) I have NO software firewall running
2) I am using AT&T AGN client 6.3
 
When attempting to capture, I am capturing on the VPN Interface... I can see the outbound packets but no responses come back... This gives the appearance of network traffic being blocked completely because applications are not getting their responses.  Once I stop the capture, normal operation resumes.
 
Joe Morsbach
Sr. Technical Specialist
AT&T Integrated Mobile Services
908.824.9007 (Single Reach)
AIM: sta49fireboy
Yahoo!: sta49fireboy

 


From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Gianluca Varenni
Sent: Monday, November 12, 2007 4:28 PM
To: Community support list for Wireshark
Cc: winpcap-bugs2
Subject: Re: [Wireshark-users] Starting Wireshark Capture BlocksNetworkTraffic

This is definitely a WinPcap issue and not a wireshark one (wireshark receives packets from WinPcap).
 
I would say that either the Symantec firewall, the VPN client or the AT&T ipsec client (is that an ipsec client or a firewall) are interacting really badly with the WinPcap protocol driver.
 
Can you please try disabling the AT&T firewall? Also, from which adapter are you trying to capture? The ethernet adapter or on the VPN?
 
Have a nice day
GV
 
----- Original Message -----
Sent: Monday, November 12, 2007 12:03 PM
Subject: Re: [Wireshark-users] Starting Wireshark Capture Blocks NetworkTraffic

Was there ever resolution to this?  I am having the same trouble.
 
Thanks
 
 
From: David Pruitt <djpruitt@xxxxxxxxxx>
Date: Fri, 6 Apr 2007 11:28:18 -0400


AT&T Network Client - IBM Version 5.09.2
Firewall name and version is AT&T IPSec Application version 5.09.2
Service is Managed VPN - IPSec Dual Access
Microsoft Windows XP 5.01.2600 SP2

Also have Symantec Client Firewall installed but currently disabled.



Thank You!

David J. Pruitt




"Gianluca Varenni" <gianluca.varenni@xxxxxxxxxxxx>
Sent by: wireshark-users-bounces@xxxxxxxxxxxxx

04/06/2007 11:13 AM
Please respond to
Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx>

To
"Community support list for Wireshark" <wireshark-users@xxxxxxxxxxxxx>
cc
Subject
Re: [Wireshark-users] Starting Wireshark Capture Blocks Network        Traffic





Which VPN client are you using?
 
Have a nice day
GV
----- Original Message -----
From: David Pruitt
To: wireshark-users@xxxxxxxxxxxxx
Sent: Friday, April 06, 2007 7:52 AM
Subject: [Wireshark-users] Starting Wireshark Capture Blocks Network Traffic


Hello,


I downloaded and installed Wireshark version 0.99.5 with WinPcap 4.0 and am trying to capture some detailed TCP/IP packet transmissions from my client application connecting via DSL using VPN software to connect to a remote server on my business WAN.  Once I start the Wireshark capture, all of my applications on the client side cannot connect to my work network over the VPN connection.  I am able to access other web sites not using the VPN.     Any suggestions would be appreciated.


Thank You!

David J. Pruitt


_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users


_______________________________________________
Winpcap-bugs mailing list
Winpcap-bugs@xxxxxxxxxxx
https://www.winpcap.org/mailman/listinfo/winpcap-bugs