[Winpcap-users] Using WinPcap "breaks" TCP

Gianluca Varenni gianluca.varenni at cacetech.com
Thu Jul 19 18:13:38 GMT 2007


----- Original Message ----- 
From: <1603 at gmx.de>
To: "Marc Rennhard" <winpcap-users at winpcap.org>
Sent: Thursday, July 12, 2007 5:41 AM
Subject: Re: [Winpcap-users] Using WinPcap "breaks" TCP


>
> Hello Marc,
>
>
>> Googling, I just found that there seems to be a problem with using Winpcap
>> and Kerio Firewall [...]
>
> I can certainly vouch for that, this very problem has been bugging me for
> quite some time. It has even gotten worse over the releases:
>
> On machines running Kerio (v2.1.5, I believe) I can't upgrade WinPCap
> to anything higher than v3.1beta4. Even switching to beta5 causes the
> system to freeze when starting a trace in Ethereal, sometimes the
> first time, usually the second one (start-stop-start-freeze.)
>
> Unfortunately I can't abandon Kerio either because in spite of intensive
> searching I have yet to find an adequate replacement. I've looked at
> what must be close to 50 different firewalls but was unable to find
> anything suitable. If you discover something interesting, I'd be
> grateful for a hint.
>
>
> The Kerio-broken-protocol-issue isn't necessarily due to WinPCap at
> all: Some of my machines tend to have problems establishing an
> outgoing VPN connection via PPTP. When looking into the wire I can
> also see that the handshake is performed, but no data transmitted
> afterwards. Often modifying the load time for the Kerio driver
> fwdrv.sys from "automatic" to "manual" (or vice versa, different
> machines appear to like a different setting) helps and the problem
> vanishes, if only to resurface again some months later.

This is the "sad" story about the Kerio firewall. It performs all sorts of 
undocumented (and unsupported) hooks into the networking stack to perform 
its job, resulting in these <sarcastic>wonderful</sarcastic> problems (and 
debugging a Windows crash when the Kerio driver is installed is even more 
fun). Back in January I personally debugged a similar problem with the Kerio 
firewall (in particular fwdrv.sys), without success. That driver performs 
all sorts of crazy things, so that it's even difficult to understand what the 
operating system was trying to do in the first place.

The best suggestion I can give you is getting rid of that personal firewall.

Don't ask me for suggestions for a good one. I personally don't use one, as I 
think that most of them do more damage than good (just my personal 
opinion, however).

Hope it helps
GV



>
>
>
> -- 
> Kind regards
> 1603 at gmx.de
> mailto:1603 at gmx.de
>
>
>
> _______________________________________________
> Winpcap-users mailing list
> Winpcap-users at winpcap.org
> https://www.winpcap.org/mailman/listinfo/winpcap-users 


