[Winpcap-users] winpcap and McAfee

Victor Ginzburg vginzburg at gmail.com
Thu Jun 19 22:23:50 GMT 2008


the previous one did get truncated, I've uploaded memory_victor1.rar,
looks fine. thanks for the slides.

-Victor

On 6/19/08, Gianluca Varenni <gianluca.varenni at cacetech.com> wrote:
>
> ----- Original Message ----- From: "Victor Ginzburg" <vginzburg at gmail.com>
> To: <winpcap-users at winpcap.org>
> Sent: Thursday, June 19, 2008 11:40 AM
> Subject: Re: [Winpcap-users] winpcap and McAfee
>
>
> > Hi Gianluca,
> >
> > I've uploaded the crash dump from the customer Memery_victor.rar. I'm
> > not sure at all that the crash is related to winpcap, although it
> > happened consistently when our appplication exited. The system had
> > McAfee 8.0 EWnterprise edition installed.
> >
> >
>
> I think some error occurred while uploading the file to the FTP server. It
> seems truncated (and winrar refuses to decompress it).
>
> > I have another question: That system cannot start network sniffing
> > (message in Event Viewer from Kernel) and winpcap cannot be
> > initialized from our application either. Our application is a service.
> > What could be possible reasons of it? Som McAfee or firewall setting
> > maybe?
> >
>
> If you use WinPcap from within a service, I suggest you to have a look at
> these slides
>
> http://www.cacetech.com/SHARKFEST.08/BoF_Varenni_%20WinPcap%20Do's%20and%20Don'ts.zip
>
> in particular slide #9.
>
> Hope it helps
> GV
>
>
>
> >
> > Thanks,
> > -Victor
> >
> > On 6/19/08, Gianluca Varenni <gianluca.varenni at cacetech.com> wrote:
> >
> > > When your machine crashes, depending on how it's configured, it
> generates a
> > > crash dump or minidump. The crash dump is called memory.dmp and it's
> located
> > > under c:\windows (it gets overwritten at every crash), the minidumps are
> > > saved in c:\windows\minidump and the name of the file contains the date
> of
> > > the crash.
> > >
> > > It would be great if you can send the minidump directly to me. If a
> kernel
> > > dump is generated instead, please zip it and upload it at
> > > ftp://www.winpcap.org/pub/incoming/
> > >
> > > Have a nice day
> > > GV
> > >
> > > ----- Original Message ----- From: "Victor Ginzburg"
> <vginzburg at gmail.com>
> > > To: <winpcap-users at winpcap.org>
> > > Sent: Friday, June 13, 2008 1:54 PM
> > > Subject: Re: [Winpcap-users] winpcap and McAfee
> > >
> > >
> > >
> > > > unfortunately the only thing I see after running the memory dump in >
> WinDbg
> > > is
> > > >
> > > > SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e)
> > > > ...
> > > > IMAGE_NAME: ntoskrnl.exe
> > > >
> > > > no specific driver mentioned.
> > > >
> > > > -Victor
> > > >
> > > >
> > > > On 6/13/08, Richard Horton <richard.horton at solstans.co.uk> wrote:
> > > >
> > > > >  Victor Ginzburg wrote:
> > > > > > Has anyone experienced problems with running winpcap on systems >
> > > with
> > > > > > McAfee antivirus installed, specifically blue screens?
> > > > > >
> > > > >
> > > > > We use McAfee at work and also make very heavy and extensive use of
> > > > > both Wireshark + winpcap - no problems with either coexisting on our
> > > > > systems.
> > > > >
> > > > > Can you provide more info regarding the BSOD - might not help if its
> > > > > the usual daft message but may help shed some light on the
> situation.
> > > > >
> > > > > Also how repeatable is the crash? If its repeatable then disable
> > > > > McAfee and test-  just remember to reenable your AV afterwards.
> > > > >
> > > > > --
> > > > > Richard Horton
> > > > > Users are like a virus: Each causing a thousand tiny crises until
> the
> > > > > host finally dies.
> > > > > http://www.solstans.co.uk - Solstans Japanese Bobtails and Norwegian
> > > Forest Cats
> > > > > http://www.pbase.com/arimus - My online photogallery
> > > > > _______________________________________________
> > > > > Winpcap-users mailing list
> > > > > Winpcap-users at winpcap.org
> > > > >
> https://www.winpcap.org/mailman/listinfo/winpcap-users
> > > > >
> > > > >
> > > > _______________________________________________
> > > > Winpcap-users mailing list
> > > > Winpcap-users at winpcap.org
> > > >
> https://www.winpcap.org/mailman/listinfo/winpcap-users
> > > >
> > >
> > > _______________________________________________
> > > Winpcap-users mailing list
> > > Winpcap-users at winpcap.org
> > > https://www.winpcap.org/mailman/listinfo/winpcap-users
> > >
> > >
> > _______________________________________________
> > Winpcap-users mailing list
> > Winpcap-users at winpcap.org
> > https://www.winpcap.org/mailman/listinfo/winpcap-users
> >
>
> _______________________________________________
> Winpcap-users mailing list
> Winpcap-users at winpcap.org
> https://www.winpcap.org/mailman/listinfo/winpcap-users
>


More information about the Winpcap-users mailing list