[Winpcap-users] Strangest thing ever !!! Captures only TCP 3-way handshake negotiation and not any data ?!?

[Free Prefix]

Hello All,

Recently I have encountered a very strange phenomenon happens on one
of our new servers.

Server details:
IBM XSeries_3550, Intel Xeon CPU 5130 @ 2 ghz
Network Card: Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client)
WinPCap 4
Wireshark: 0.99.5

When sniffing network traffic with Wireshark, I can see only the TCP
3-way handshake captured but not the traffic itself afterwards. This
happens using any winsock application including Internet explorer and
such , see attached: Browsing_through_iexplore.cap
The most bizarre thing is that if I am doing "telnet" to the same web
server and passing data through the connection I can indeed see the
traffic, see: Browsing_through_telnet.cap

I thought at first it could be a running Antivirus application or such
that at some level captures the network traffic to analyze viruses
before it reaches winpcap but I doubt it because no such application
exist on the server.

I also tried to play with the advanced features of the card such as:
Jumbo frames, Jumbo MTU size etc,Large Send Offload etc  .... but got
the same results.

Any thoughts around this ?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Browsing_through_iexplore.cap
Type: application/octet-stream
Size: 248 bytes
Desc: not available
Url : http://www.winpcap.org/pipermail/winpcap-users/attachments/20070503/9c55701a/Browsing_through_iexplore.obj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Browsing_through_telnet.cap
Type: application/octet-stream
Size: 4065 bytes
Desc: not available
Url : http://www.winpcap.org/pipermail/winpcap-users/attachments/20070503/9c55701a/Browsing_through_telnet.obj