[Winpcap-bugs] RE: [Wireshark-users] Starting Wireshark CaptureBlocksNetworkTraffic

Gianluca Varenni gianluca.varenni at cacetech.com
Tue Nov 13 16:29:38 GMT 2007 

Joe,

unfortunately, there is no easy solution to the problem. Several VPN clients use a mix of layers to tunnel the traffic (a lot of them use a virtual network miniport and an intermediate driver). WinPcap sits on top of this stack, and quite frequently cannot capture all the traffic going on such virtual interfaces, or rather even block the traffic. This behavior is still not clear to us (and it doesn't seem to be documented anywhere in the Microsoft documentation). 

I hate to say that: unfortunately WinPcap does not support such VPN client.

Have a nice day
GV

  ----- Original Message ----- 
  From: MORSBACH, JOSEPH R (JOE), ATTOPS 
  To: Community support list for Wireshark 
  Cc: winpcap-bugs2 
  Sent: Tuesday, November 13, 2007 7:00 AM
  Subject: [Winpcap-bugs] RE: [Wireshark-users] Starting Wireshark CaptureBlocksNetworkTraffic


  You're definitely right about it being WinPCap... I get the same result when simply running windump on that interface..  My situation is a little different than the gentleman's that started this thread..

  1) I have NO software firewall running
  2) I am using AT&T AGN client 6.3

  When attempting to capture, I am capturing on the VPN Interface... I can see the outbound packets but no responses come back... This gives the appearance of network traffic being blocked completely because applications are not getting their responses.  Once I stop the capture, normal operation resumes.

  Joe Morsbach
  Sr. Technical Specialist
  AT&T Integrated Mobile Services

  908.824.9007 (Single Reach)
  AIM: sta49fireboy
  Yahoo!: sta49fireboy





------------------------------------------------------------------------------
  From: wireshark-users-bounces at wireshark.org [mailto:wireshark-users-bounces at wireshark.org] On Behalf Of Gianluca Varenni
  Sent: Monday, November 12, 2007 4:28 PM
  To: Community support list for Wireshark
  Cc: winpcap-bugs2
  Subject: Re: [Wireshark-users] Starting Wireshark Capture BlocksNetworkTraffic


  This is definitely a WinPcap issue and not a wireshark one (wireshark receives packets from WinPcap).

  I would say that either the Symantec firewall, the VPN client or the AT&T ipsec client (is that an ipsec client or a firewall) are interacting really badly with the WinPcap protocol driver. 

  Can you please try disabling the AT&T firewall? Also, from which adapter are you trying to capture? The ethernet adapter or on the VPN?

  Have a nice day
  GV

    ----- Original Message ----- 
    From: MORSBACH, JOSEPH R (JOE), ATTOPS 
    To: wireshark-users at wireshark.org 
    Sent: Monday, November 12, 2007 12:03 PM
    Subject: Re: [Wireshark-users] Starting Wireshark Capture Blocks NetworkTraffic


    Was there ever resolution to this?  I am having the same trouble.

    Thanks


    From: David Pruitt <djpruitt at xxxxxxxxxx>
    Date: Fri, 6 Apr 2007 11:28:18 -0400


    AT&T Network Client - IBM Version 5.09.2 
    Firewall name and version is AT&T IPSec Application version 5.09.2 
    Service is Managed VPN - IPSec Dual Access 
    Microsoft Windows XP 5.01.2600 SP2 

    Also have Symantec Client Firewall installed but currently disabled. 



    Thank You!

    David J. Pruitt




          "Gianluca Varenni" <gianluca.varenni at xxxxxxxxxxxx> 
          Sent by: wireshark-users-bounces at xxxxxxxxxxxxx 
          04/06/2007 11:13 AM Please respond to
                Community support list for Wireshark <wireshark-users at xxxxxxxxxxxxx> 


         To "Community support list for Wireshark" <wireshark-users at xxxxxxxxxxxxx>  
                cc  
                Subject Re: [Wireshark-users] Starting Wireshark Capture Blocks Network        Traffic 

                

         



    Which VPN client are you using? 
      
    Have a nice day 
    GV 
    ----- Original Message ----- 
    From: David Pruitt 
    To: wireshark-users at xxxxxxxxxxxxx 
    Sent: Friday, April 06, 2007 7:52 AM 
    Subject: [Wireshark-users] Starting Wireshark Capture Blocks Network Traffic 


    Hello, 

    I downloaded and installed Wireshark version 0.99.5 with WinPcap 4.0 and am trying to capture some detailed TCP/IP packet transmissions from my client application connecting via DSL using VPN software to connect to a remote server on my business WAN.  Once I start the Wireshark capture, all of my applications on the client side cannot connect to my work network over the VPN connection.  I am able to access other web sites not using the VPN.     Any suggestions would be appreciated. 

    Thank You!

    David J. Pruitt 


----------------------------------------------------------------------------


    _______________________________________________
    Wireshark-users mailing list
    Wireshark-users at wireshark.org
    http://www.wireshark.org/mailman/listinfo/wireshark-users



------------------------------------------------------------------------------


  _______________________________________________
  Winpcap-bugs mailing list
  Winpcap-bugs at winpcap.org
  https://www.winpcap.org/mailman/listinfo/winpcap-bugs
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.winpcap.org/pipermail/winpcap-bugs/attachments/20071113/cd016b0c/attachment-0001.htm

More information about the Winpcap-bugs mailing list