WinPcap is what grabs the packets for Wireshark and it does see traffic before it's evaluated by the Windows Firewall. If you are concerned about the firewall eating the traffic, try turning it off and testing.
Some endpoint protection products also can eat network traffic; if you have anything like that loaded, you might want to look at its logs / config.
Hope that helps
tim
From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of David Aldrich
Sent: Friday, March 02, 2012 3:21 AM
To: wireshark-users@xxxxxxxxxxxxx
Subject: [Wireshark-users] Question about Wireshark and the Windows Firewall
Hi
We have written a 32-bit console application using Visual C++ Express 2008 that receives UDP packets on port 30000 from another (non-Windows) machine. When running on Windows XP our app receives the packets, but when running on Windows 7 it does not. I have configured Windows Firewall to open ports 30000-30002 to our application, so the packets should not be blocked.
Wireshark shows that the packets are indeed arriving at the PC. What I am not sure of is whether they are getting through the firewall. On what side of the firewall does Wireshark snoop? If the packets are listed on Wireshark does it mean that they have got through the firewall?
Any suggestions or answers would be appreciated.
Best regards
David
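An added example, not part of the original messages: because the capture happens before the firewall evaluates the traffic, a packet listed in Wireshark says nothing about the firewall's verdict, so one complementary check is to look for DROP records in the Windows Firewall log for the ports in question. It assumes dropped-packet logging has been enabled and that the log uses the W3C-style `pfirewall.log` layout with a `#Fields:` header; the function names and the sample log lines are constructed for illustration.

```python
"""Find Windows Firewall DROP records for the application's inbound UDP ports."""

# Constructed sample in the assumed pfirewall.log layout (not real traffic).
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2012-03-02 09:14:01 DROP UDP 192.0.2.20 192.0.2.10 40000 30000 128 - - - - - - - RECEIVE
2012-03-02 09:14:02 ALLOW UDP 192.0.2.20 192.0.2.10 40000 30001 128 - - - - - - - RECEIVE
2012-03-02 09:14:03 DROP TCP 192.0.2.30 192.0.2.10 51000 445 52 S 1 0 8192 - - - RECEIVE
2012-03-02 09:14:04 DROP UDP 192.0.2.10 192.0.2.20 30002 40000 64 - - - - - - - SEND
2012-03-02 09:14:05 DROP UDP 192.0.2.20 192.0.2.10 40000 30002 128 - - - - - - - RECEIVE
"""


def parse_firewall_log(text):
    """Yield one dict per record, keyed by the names in the #Fields header."""
    fields = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))


def inbound_udp_drops(text, ports=range(30000, 30003)):
    """Return DROP records for inbound UDP datagrams to the given ports."""
    hits = []
    for rec in parse_firewall_log(text):
        if (rec["action"] == "DROP" and rec["protocol"] == "UDP"
                and rec["path"] == "RECEIVE"
                and rec["dst-port"].isdigit()
                and int(rec["dst-port"]) in ports):
            hits.append(rec)
    return hits


if __name__ == "__main__":
    for r in inbound_udp_drops(SAMPLE_LOG):
        print(r["date"], r["time"], r["src-ip"], "->",
              r["dst-ip"] + ":" + r["dst-port"])
```

No matching DROP records while the application still receives nothing points away from the firewall and toward other filtering software or the application's own socket setup.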