Wireshark-users: Re: [Wireshark-users] Vanishing interface

From: M K <gedropi@xxxxxxxxx>
Date: Wed, 26 May 2010 06:46:34 -0700
Continuing with the vanishing theme, here is what dialog box says that
I get when I click the button to start a capture:
The capture session could not be initiated (Error opening adapter: The
system cannot find the device specified. (20)).

Please check that "\Device\NPF_{2DDCBCB7-EB83-4A22-9E8D-BECAB4378027}"
is the proper interface.

When I go to the Capture>Interfaces menu item, both the Generic and
PPP Interfaces are listed.  If I click Start then the capture starts
normally.

On 5/24/10, M K <gedropi@xxxxxxxxx> wrote:
> OK.  I have installed 4.1.1 and checked to see if the 'vanishing
> interface' problem still happened.  Yes, it does.  But I don't think
> that it is largely a Winpcap problem.  I think that I have figured out
> what is happening...
>
> My machine has a proxy front end.  After the key exchange, the
> TCP/HTTP protocol traffic is forwarded and becomes SSH protocol
> traffic.  What I think is happening is that the WAN people are running
> multiple DNS queries.  One in the beginning and others later.  Since
> the first query produces an IP before I log onto my proxy and the
> subsequent query produces a different (yet consistent) IP, they are
> dropping the connection.  My proxy is trying to rebound and do another
> key exchange, etc. but ultimately, the proxy crashes. Often when this
> happens, I have to restart everything.  This is the scenario that I
> believe is largely causing the interface to disappear.  The ungraceful
> exits.  I believe the problem lies with the extra WAN DNS checks.
>
> I also believe that these WAN activities are causing some malformed
> packets as well.
>
> Thanks again
>
> On 5/24/10, M K <gedropi@xxxxxxxxx> wrote:
>> Don't know.  I will try and get back with you.  thanks
>>
>> On 5/24/10, Gianluca Varenni <gianluca.varenni@xxxxxxxxxxxx> wrote:
>>> Does 4.1.1 show the same issue?
>>>
>>> GV
>>>
>>> --------------------------------------------------
>>> From: "M K" <gedropi@xxxxxxxxx>
>>> Sent: Monday, May 24, 2010 11:38 AM
>>> To: "Community support list for Wireshark"
>>> <wireshark-users@xxxxxxxxxxxxx>
>>> Subject: Re: [Wireshark-users] Vanishing interface
>>>
>>>> Typo. 4.0.2  Sorry
>>>> On 5/24/10, Gianluca Varenni <gianluca.varenni@xxxxxxxxxxxx> wrote:
>>>>> There is no WinPcap 4.2. The latest version is 4.1.1.
>>>>>
>>>>> Have a nice day
>>>>> GV
>>>>>
>>>>> --------------------------------------------------
>>>>> From: "M K" <gedropi@xxxxxxxxx>
>>>>> Sent: Monday, May 24, 2010 8:57 AM
>>>>> To: "Community support list for Wireshark"
>>>>> <wireshark-users@xxxxxxxxxxxxx>
>>>>> Subject: Re: [Wireshark-users] Vanishing interface
>>>>>
>>>>>> I am using 4.2.  Yes, it has happened again but this time I was able
>>>>>> to get it back without waiting until the next day.  Thanks
>>>>>>
>>>>>> On 5/24/10, Gianluca Varenni <gianluca.varenni@xxxxxxxxxxxx> wrote:
>>>>>>> This is most probably a WinPcap issue, and not a Wireshark one.
>>>>>>>
>>>>>>> Which version of WinPcap are you using?
>>>>>>> When you encounter the issue, can you please report a bug as
>>>>>>> explained
>>>>>>> here:
>>>>>>>
>>>>>>> http://www.winpcap.org/bugs.htm
>>>>>>>
>>>>>>> Have a nice day
>>>>>>> GV
>>>>>>>
>>>>>>>
>>>>>>> --------------------------------------------------
>>>>>>> From: "M K" <gedropi@xxxxxxxxx>
>>>>>>> Sent: Sunday, May 23, 2010 9:22 AM
>>>>>>> To: "Community support list for Wireshark"
>>>>>>> <wireshark-users@xxxxxxxxxxxxx>
>>>>>>> Subject: [Wireshark-users] Vanishing interface
>>>>>>>
>>>>>>>> Currently I am using this low-end machine (Windows 2000 OEM, dial
>>>>>>>> up)
>>>>>>>> for passive monitoring to debug application, firewall, security and
>>>>>>>> LAN issues via the generic adaptor & the WAN (PPP/SLIP) interfaces
>>>>>>>> working in tandem.  This has worked very well.  Or, at least, until
>>>>>>>> yesterday.
>>>>>>>>
>>>>>>>> Yesterday, somehow I lost the WAN (PPP/SLIP) interface.  Without
>>>>>>>> that
>>>>>>>> interface, there was no capturing - unless one performs the
>>>>>>>> installation of the virtual loopback adapter.
>>>>>>>>
>>>>>>>> Here is what I did.  When the WAN interface vanished yesterday, I
>>>>>>>> attempted to restart the box and then log on with WS.  No Wan
>>>>>>>> interface.  Today I booted up and again started up WS.  Today both
>>>>>>>> interfaces were back.
>>>>>>>>
>>>>>>>> Here's my question:  Why did I loose the interface in the first
>>>>>>>> place?
>>>>>>>> Since this interface originates from the WAN (for which I have no
>>>>>>>> visibility) could this be a DCHP lease issue or an ACL issue or ?
>>>>>>>>
>>>>>>>> Many thanks.
>>>>>>>> ___________________________________________________________________________
>>>>>>>> Sent via:    Wireshark-users mailing list
>>>>>>>> <wireshark-users@xxxxxxxxxxxxx>
>>>>>>>> Archives:    http://www.wireshark.org/lists/wireshark-users
>>>>>>>> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>>>>>>>>
>>>>>>>> mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
>>>>>>>
>>>>>>> ___________________________________________________________________________
>>>>>>> Sent via:    Wireshark-users mailing list
>>>>>>> <wireshark-users@xxxxxxxxxxxxx>
>>>>>>> Archives:    http://www.wireshark.org/lists/wireshark-users
>>>>>>> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>>>>>>>
>>>>>>> mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
>>>>>>>
>>>>>> ___________________________________________________________________________
>>>>>> Sent via:    Wireshark-users mailing list
>>>>>> <wireshark-users@xxxxxxxxxxxxx>
>>>>>> Archives:    http://www.wireshark.org/lists/wireshark-users
>>>>>> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>>>>>>
>>>>>> mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
>>>>>
>>>>> ___________________________________________________________________________
>>>>> Sent via:    Wireshark-users mailing list
>>>>> <wireshark-users@xxxxxxxxxxxxx>
>>>>> Archives:    http://www.wireshark.org/lists/wireshark-users
>>>>> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>>>>>
>>>>> mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
>>>>>
>>>> ___________________________________________________________________________
>>>> Sent via:    Wireshark-users mailing list
>>>> <wireshark-users@xxxxxxxxxxxxx>
>>>> Archives:    http://www.wireshark.org/lists/wireshark-users
>>>> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>>>>
>>>> mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
>>>
>>> ___________________________________________________________________________
>>> Sent via:    Wireshark-users mailing list
>>> <wireshark-users@xxxxxxxxxxxxx>
>>> Archives:    http://www.wireshark.org/lists/wireshark-users
>>> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>>>
>>> mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
>>>
>>
>