Wireshark · Wireshark-users: Re: [Wireshark-users] Question

Wireshark-users: Re: [Wireshark-users] Question

From: "Gianluca Varenni" <gianluca.varenni@xxxxxxxxxxxx>

Date: Wed, 4 Mar 2009 09:27:14 -0800

It's possible that your network card is doing TCP offloading (TCP chimney). In that case you will see only connection establishment packets, but not the data packets. In that case the only workaround is to disable TCP offloading (I think it's a property of the network card) to capture such packets.

Hope it helps

----- Original Message -----

From: Dani Avni

To: wireshark-users@xxxxxxxxxxxxx

Sent: Tuesday, March 03, 2009 4:18 AM

Subject: [Wireshark-users] Question

We have a windows 2003 server that have been security hardened by another company. To debug some http traffic going to IIS on that server we installed wireshark on the server. When running wireshark we do see SYN, ACK and other packets going between the clients and the server but we do not see any data. After asking the company who hardened the server to remove their settings (we are still trying to get a list of all their settings), suddenly we do see data on the captured packets. Does anyone have any idea what what windows setting does that?

Thanks

Dani Avni

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe

References:
- [Wireshark-users] Question
  - From: Dani Avni

Prev by Date: Re: [Wireshark-users] TCP checksum off-by-one errors?
Next by Date: Re: [Wireshark-users] Reading multiple files in tcpdump
Previous by thread: [Wireshark-users] Question
Next by thread: [Wireshark-users] Can't get static URL for this radio station
Index(es):
- Date
- Thread