[Winpcap-users] WireShark with VirusBuster losts outgoing packet
Gianluca Varenni
gianluca.varenni at cacetech.com
Tue Jan 29 19:42:05 GMT 2008
I have never tried Virus Buster, but I'd bet they use some sort of ndis hook
driver that bypasses the standard Windows networking stack, thus preventing
WinPcap from properly capturing packets when such driver is running. If
that's the case, there is no fix to the problem, as they use a non-standard
approach to filter packets for virus scanning.
The only way to understand what's going on would be to attach a remote
kernel debugger on the machine and see what's going on in the networking
stack.
Have a nice day
GV
----- Original Message -----
From: <tamagawa at skygroup.jp>
To: <winpcap-users at winpcap.org>
Sent: Tuesday, January 29, 2008 3:44 AM
Subject: [Winpcap-users] WireShark with VirusBuster losts outgoing packet
> Hi,
>
> I encountered a problem that WireShark 0.99.6a seems to ignore
> outgoing packet. I use WireShark on a machine with VirusBuster
> Corporate Edition v8. When I disable VirusBuster, WireShark captures
> outgoing packets.
>
> I read the FAQ at
>
> http://www.winpcap.org/misc/faq.htm#Q-10
>
> and found that it is known issue.
>
> My Questions are:
>
> -Is this still a problem that had not been solved ?
> -Is there anything I can do to solve this problem ?
> I would be grad to build given test code and see what happens,
> but afraid that I am not able to look in to the code in detail
> to detect the reason of the problem by myself.
>
> Regards,
> --
> tamagawa ryuji
>
> _______________________________________________
> Winpcap-users mailing list
> Winpcap-users at winpcap.org
> https://www.winpcap.org/mailman/listinfo/winpcap-users
More information about the Winpcap-users
mailing list