[Winpcap-users] winpcap and McAfee

Gianluca Varenni gianluca.varenni at cacetech.com
Thu Jun 19 22:03:40 GMT 2008


----- Original Message ----- 
From: "Victor Ginzburg" <vginzburg at gmail.com>
To: <winpcap-users at winpcap.org>
Sent: Thursday, June 19, 2008 11:40 AM
Subject: Re: [Winpcap-users] winpcap and McAfee


> Hi Gianluca,
>
> I've uploaded the crash dump from the customer Memery_victor.rar. I'm
> not sure at all that the crash is related to winpcap, although it
> happened consistently when our application exited. The system had
> McAfee 8.0 Enterprise edition installed.
>

I think some error occurred while uploading the file to the FTP server. It 
seems truncated (and winrar refuses to decompress it).

> I have another question: That system cannot start network sniffing
> (message in Event Viewer from Kernel) and winpcap cannot be
> initialized from our application either. Our application is a service.
> What could be possible reasons of it? Some McAfee or firewall setting
> maybe?

If you use WinPcap from within a service, I suggest you have a look at 
these slides

http://www.cacetech.com/SHARKFEST.08/BoF_Varenni_%20WinPcap%20Do's%20and%20Don'ts.zip

in particular slide #9.

Hope it helps
GV


>
> Thanks,
> -Victor
>
> On 6/19/08, Gianluca Varenni <gianluca.varenni at cacetech.com> wrote:
>> When your machine crashes, depending on how it's configured, it generates a
>> crash dump or minidump. The crash dump is called memory.dmp and it's located
>> under c:\windows (it gets overwritten at every crash), the minidumps are
>> saved in c:\windows\minidump and the name of the file contains the date of
>> the crash.
>>
>> It would be great if you can send the minidump directly to me. If a kernel
>> dump is generated instead, please zip it and upload it at
>> ftp://www.winpcap.org/pub/incoming/
>>
>> Have a nice day
>> GV
>>
>> ----- Original Message -----
>> From: "Victor Ginzburg" <vginzburg at gmail.com>
>> To: <winpcap-users at winpcap.org>
>> Sent: Friday, June 13, 2008 1:54 PM
>> Subject: Re: [Winpcap-users] winpcap and McAfee
>>
>>
>>
>> > unfortunately the only thing I see after running the memory dump in WinDbg is
>> >
>> > SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e)
>> > ...
>> > IMAGE_NAME: ntoskrnl.exe
>> >
>> > no specific driver mentioned.
>> >
>> > -Victor
>> >
>> >
>> > On 6/13/08, Richard Horton <richard.horton at solstans.co.uk> wrote:
>> >
>> > >  Victor Ginzburg wrote:
>> > > > Has anyone experienced problems with running winpcap on systems with
>> > > > McAfee antivirus installed, specifically blue screens?
>> > > >
>> > >
>> > > We use McAfee at work and also make very heavy and extensive use of
>> > > both Wireshark + winpcap - no problems with either coexisting on our
>> > > systems.
>> > >
>> > > Can you provide more info regarding the BSOD - might not help if it's
>> > > the usual daft message but may help shed some light on the situation.
>> > >
>> > > Also how repeatable is the crash? If it's repeatable then disable
>> > > McAfee and test - just remember to reenable your AV afterwards.
>> > >
>> > > --
>> > > Richard Horton
>> > > Users are like a virus: Each causing a thousand tiny crises until the
>> > > host finally dies.
>> > > http://www.solstans.co.uk - Solstans Japanese Bobtails and Norwegian Forest Cats
>> > > http://www.pbase.com/arimus - My online photogallery
>> > > _______________________________________________
>> > > Winpcap-users mailing list
>> > > Winpcap-users at winpcap.org
>> > > https://www.winpcap.org/mailman/listinfo/winpcap-users
>> > >
>> > >
>> >
>>
>>


