Wireshark-users: Re: [Wireshark-users] Vanishing interface
From: M K <gedropi@xxxxxxxxx>
Date: Wed, 26 May 2010 06:46:34 -0700
Continuing with the vanishing theme, here is what dialog box says that
I get when I click the button to start a capture:
The capture session could not be initiated (Error opening adapter: The
system cannot find the device specified. (20)).
Please check that "\Device\NPF_{2DDCBCB7-EB83-4A22-9E8D-BECAB4378027}"
is the proper interface.
When I go to the Capture>Interfaces menu item, both the Generic and
PPP Interfaces are listed. If I click Start then the capture starts
normally.
On 5/24/10, M K <gedropi@xxxxxxxxx> wrote:
> OK. I have installed 4.1.1 and checked to see if the 'vanishing
> interface' problem still happened. Yes, it does. But I don't think
> that it is largely a Winpcap problem. I think that I have figured out
> what is happening...
>
> My machine has a proxy front end. After the key exchange, the
> TCP/HTTP protocol traffic is forwarded and becomes SSH protocol
> traffic. What I think is happening is that the WAN people are running
> multiple DNS queries. One in the beginning and others later. Since
> the first query produces an IP before I log onto my proxy and the
> subsequent query produces a different (yet consistent) IP, they are
> dropping the connection. My proxy is trying to rebound and do another
> key exchange, etc. but ultimately, the proxy crashes. Often when this
> happens, I have to restart everything. This is the scenario that I
> believe is largely causing the interface to disappear. The ungraceful
> exits. I believe the problem lies with the extra WAN DNS checks.
>
> I also believe that these WAN activities are causing some malformed
> packets as well.
>
> Thanks again
>
> On 5/24/10, M K <gedropi@xxxxxxxxx> wrote:
>> Don't know. I will try and get back with you. thanks
>>
>> On 5/24/10, Gianluca Varenni <gianluca.varenni@xxxxxxxxxxxx> wrote:
>>> Does 4.1.1 show the same issue?
>>>
>>> GV
>>>
>>> --------------------------------------------------
>>> From: "M K" <gedropi@xxxxxxxxx>
>>> Sent: Monday, May 24, 2010 11:38 AM
>>> To: "Community support list for Wireshark"
>>> <wireshark-users@xxxxxxxxxxxxx>
>>> Subject: Re: [Wireshark-users] Vanishing interface
>>>
>>>> Typo. 4.0.2 Sorry
>>>> On 5/24/10, Gianluca Varenni <gianluca.varenni@xxxxxxxxxxxx> wrote:
>>>>> There is no WinPcap 4.2. The latest version is 4.1.1.
>>>>>
>>>>> Have a nice day
>>>>> GV
>>>>>
>>>>> --------------------------------------------------
>>>>> From: "M K" <gedropi@xxxxxxxxx>
>>>>> Sent: Monday, May 24, 2010 8:57 AM
>>>>> To: "Community support list for Wireshark"
>>>>> <wireshark-users@xxxxxxxxxxxxx>
>>>>> Subject: Re: [Wireshark-users] Vanishing interface
>>>>>
>>>>>> I am using 4.2. Yes, it has happened again but this time I was able
>>>>>> to get it back without waiting until the next day. Thanks
>>>>>>
>>>>>> On 5/24/10, Gianluca Varenni <gianluca.varenni@xxxxxxxxxxxx> wrote:
>>>>>>> This is most probably a WinPcap issue, and not a Wireshark one.
>>>>>>>
>>>>>>> Which version of WinPcap are you using?
>>>>>>> When you encounter the issue, can you please report a bug as
>>>>>>> explained
>>>>>>> here:
>>>>>>>
>>>>>>> http://www.winpcap.org/bugs.htm
>>>>>>>
>>>>>>> Have a nice day
>>>>>>> GV
>>>>>>>
>>>>>>>
>>>>>>> --------------------------------------------------
>>>>>>> From: "M K" <gedropi@xxxxxxxxx>
>>>>>>> Sent: Sunday, May 23, 2010 9:22 AM
>>>>>>> To: "Community support list for Wireshark"
>>>>>>> <wireshark-users@xxxxxxxxxxxxx>
>>>>>>> Subject: [Wireshark-users] Vanishing interface
>>>>>>>
>>>>>>>> Currently I am using this low-end machine (Windows 2000 OEM, dial
>>>>>>>> up)
>>>>>>>> for passive monitoring to debug application, firewall, security and
>>>>>>>> LAN issues via the generic adaptor & the WAN (PPP/SLIP) interfaces
>>>>>>>> working in tandem. This has worked very well. Or, at least, until
>>>>>>>> yesterday.
>>>>>>>>
>>>>>>>> Yesterday, somehow I lost the WAN (PPP/SLIP) interface. Without
>>>>>>>> that
>>>>>>>> interface, there was no capturing - unless one performs the
>>>>>>>> installation of the virtual loopback adapter.
>>>>>>>>
>>>>>>>> Here is what I did. When the WAN interface vanished yesterday, I
>>>>>>>> attempted to restart the box and then log on with WS. No Wan
>>>>>>>> interface. Today I booted up and again started up WS. Today both
>>>>>>>> interfaces were back.
>>>>>>>>
>>>>>>>> Here's my question: Why did I loose the interface in the first
>>>>>>>> place?
>>>>>>>> Since this interface originates from the WAN (for which I have no
>>>>>>>> visibility) could this be a DCHP lease issue or an ACL issue or ?
>>>>>>>>
>>>>>>>> Many thanks.
>>>>>>>> ___________________________________________________________________________
>>>>>>>> Sent via: Wireshark-users mailing list
>>>>>>>> <wireshark-users@xxxxxxxxxxxxx>
>>>>>>>> Archives: http://www.wireshark.org/lists/wireshark-users
>>>>>>>> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>>>>>>>>
>>>>>>>> mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
>>>>>>>
>>>>>>> ___________________________________________________________________________
>>>>>>> Sent via: Wireshark-users mailing list
>>>>>>> <wireshark-users@xxxxxxxxxxxxx>
>>>>>>> Archives: http://www.wireshark.org/lists/wireshark-users
>>>>>>> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>>>>>>>
>>>>>>> mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
>>>>>>>
>>>>>> ___________________________________________________________________________
>>>>>> Sent via: Wireshark-users mailing list
>>>>>> <wireshark-users@xxxxxxxxxxxxx>
>>>>>> Archives: http://www.wireshark.org/lists/wireshark-users
>>>>>> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>>>>>>
>>>>>> mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
>>>>>
>>>>> ___________________________________________________________________________
>>>>> Sent via: Wireshark-users mailing list
>>>>> <wireshark-users@xxxxxxxxxxxxx>
>>>>> Archives: http://www.wireshark.org/lists/wireshark-users
>>>>> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>>>>>
>>>>> mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
>>>>>
>>>> ___________________________________________________________________________
>>>> Sent via: Wireshark-users mailing list
>>>> <wireshark-users@xxxxxxxxxxxxx>
>>>> Archives: http://www.wireshark.org/lists/wireshark-users
>>>> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>>>>
>>>> mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
>>>
>>> ___________________________________________________________________________
>>> Sent via: Wireshark-users mailing list
>>> <wireshark-users@xxxxxxxxxxxxx>
>>> Archives: http://www.wireshark.org/lists/wireshark-users
>>> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>>>
>>> mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
>>>
>>
>
- References:
- [Wireshark-users] Vanishing interface
- From: M K
- Re: [Wireshark-users] Vanishing interface
- From: Gianluca Varenni
- Re: [Wireshark-users] Vanishing interface
- From: M K
- Re: [Wireshark-users] Vanishing interface
- From: Gianluca Varenni
- Re: [Wireshark-users] Vanishing interface
- From: M K
- Re: [Wireshark-users] Vanishing interface
- From: Gianluca Varenni
- Re: [Wireshark-users] Vanishing interface
- From: M K
- Re: [Wireshark-users] Vanishing interface
- From: M K
- [Wireshark-users] Vanishing interface
- Prev by Date: Re: [Wireshark-users] local IPs from pcap file
- Next by Date: [Wireshark-users] Merging files duplicate acks & retransmissions
- Previous by thread: Re: [Wireshark-users] Vanishing interface
- Next by thread: [Wireshark-users] Playing G726_32 capture files.
- Index(es):