<HTML><HEAD></HEAD>
<BODY dir=ltr>
<DIV dir=ltr>
<DIV style="FONT-SIZE: 14pt; FONT-FAMILY: '????'; COLOR: #000000">
<DIV><FONT size=4>Wireshark is open source, you can read its
code...</FONT></DIV>
<DIV
style="FONT-SIZE: small; FONT-FAMILY: 'Calibri'; FONT-WEIGHT: normal; COLOR: #000000; FONT-STYLE: normal; TEXT-DECORATION: none; DISPLAY: inline">
<DIV style="FONT: 10pt tahoma">
<DIV> </DIV>
<DIV style="BACKGROUND: #f5f5f5">
<DIV style="font-color: black"><B>From:</B> <A title=eckorsberg@ra.rockwell.com
href="mailto:eckorsberg@ra.rockwell.com">Edward C Korsberg</A> </DIV>
<DIV><B>Sent:</B> Monday, December 17, 2012 11:34 PM</DIV>
<DIV><B>To:</B> <A title=winpcap-users@winpcap.org
href="mailto:winpcap-users@winpcap.org">winpcap-users@winpcap.org</A> </DIV>
<DIV><B>Subject:</B> [Winpcap-users] Odd behavior on failure to receive data
fromwinPcap in some cases</DIV></DIV></DIV>
<DIV> </DIV></DIV>
<DIV
style="FONT-SIZE: small; FONT-FAMILY: 'Calibri'; FONT-WEIGHT: normal; COLOR: #000000; FONT-STYLE: normal; TEXT-DECORATION: none; DISPLAY: inline"><FONT
size=2 face=sans-serif>I have an odd situation and will try to explain with
detail what I am seeing and would really appreciate some help fixing
this.</FONT> <BR><BR><FONT size=2 face=sans-serif>On 2 pc's my setup is Windows
7 Ultimate, Service Pack 1 and have WinPcap 4.1.2</FONT> <BR><FONT size=2
face=sans-serif>and Windows 7 Professional, SP1 and WinPcap 4.1.2 on a third
pc.</FONT> <BR><FONT size=2 face=sans-serif>The PC's with Windows 7 Ultimate,
Service Pack have Symantec EndPoint Protection version 11.0.6005.562</FONT>
<BR><FONT size=2 face=sans-serif>and the Windows 7 Professional, SP1 pc
has Symantec EndPoint Protection version 11.0.7000.975</FONT>
<BR><BR><BR><FONT size=2 face=sans-serif>Prior to several months ago all was
working fine. </FONT><BR><FONT size=2 face=sans-serif>But then on 2 of my
3 PC's (win7 Ultimate & symantec 11.0.6005.562) I started having problems
receiving data via the WinPcap API.</FONT> <BR><FONT size=2 face=sans-serif>In
my applications I can open a connection/handle to an interface and I can
successfully transmit data over this interface but all attempts to read/receive
data result in the application being blocked.</FONT> <BR><FONT size=2
face=sans-serif>However I can open Wireshark and successfully receive data on
these same pc's and interfaces.</FONT> <BR><BR><FONT size=2 face=sans-serif>As I
mentioned before these applications were working on all my pc's up until some
months ago. </FONT><BR><FONT size=2 face=sans-serif>I suspect our
corporate IT department pushed (via the evil Altiris application) some security
patch on my pc and then after rebooting these applications no longer worked in
the aforementioned receive mode.</FONT> <BR><FONT size=2 face=sans-serif>Again I
need to state that Wireshark can work fine and I assume that Wireshark is using
the same underlying WinPcap dll/interfaces as my application but maybe wireshark
has some secret back door interface I am not aware of.</FONT> <BR><BR><FONT
size=2 face=sans-serif>I have tried all reasonable combinations of </FONT><FONT
size=1 face=}>pcap_open</FONT><FONT size=2 face=sans-serif>, </FONT><FONT size=1
face=}>pcap_open_live and using the classis pcap_loop vs pcap_next_ex and
nothing seems to open up the reception of data.</FONT> <BR><FONT size=2
face=sans-serif>Symantec EndPoint Protection has the runtime option of disabling
protection and I have tried this but there is no change in behavior.</FONT>
<BR><BR><FONT size=1 face=}>I should note that this errant behavior seems to be
independent of the network interface I use. I have 4 different NIC's in my
setup (yes a lot) and all behave the same.</FONT> <BR><BR><FONT size=1 face=}>My
suspicion is that this is related to </FONT><FONT size=2
face=sans-serif>Symantec EndPoint Protection</FONT><FONT size=1 face=}> but then
I cannot explain why Wirehark would not also be affected by this.</FONT>
<BR><BR><FONT size=2 face=sans-serif><BR>Ed Korsberg<BR>Rockwell
Automation<BR>Mayfield Heights, Ohio 44124<BR>440-646-4456
(phone)<BR>440-646-3076 (fax)<BR>eckorsberg@ra.rockwell.com</FONT>
<P>
<HR>
_______________________________________________<BR>Winpcap-users mailing
list<BR>Winpcap-users@winpcap.org<BR>https://www.winpcap.org/mailman/listinfo/winpcap-users<BR></DIV></DIV></DIV></BODY></HTML>