[Winpcap-users] winpcap and McAfee
Gianluca Varenni
gianluca.varenni at cacetech.com
Fri Jun 20 18:09:44 GMT 2008
memory_victor1.rar seems to be truncated as well :-(
Have a nice day
GV
----- Original Message -----
From: "Victor Ginzburg" <vginzburg at gmail.com>
To: <winpcap-users at winpcap.org>
Sent: Thursday, June 19, 2008 3:23 PM
Subject: Re: [Winpcap-users] winpcap and McAfee
> the previous one did get truncated, I've uploaded memory_victor1.rar,
> looks fine. thanks for the slides.
>
> -Victor
>
> On 6/19/08, Gianluca Varenni <gianluca.varenni at cacetech.com> wrote:
>>
>> ----- Original Message ----- From: "Victor Ginzburg"
>> <vginzburg at gmail.com>
>> To: <winpcap-users at winpcap.org>
>> Sent: Thursday, June 19, 2008 11:40 AM
>> Subject: Re: [Winpcap-users] winpcap and McAfee
>>
>>
>> > Hi Gianluca,
>> >
>> > I've uploaded the crash dump from the customer Memery_victor.rar. I'm
>> > not sure at all that the crash is related to winpcap, although it
>> > happened consistently when our appplication exited. The system had
>> > McAfee 8.0 EWnterprise edition installed.
>> >
>> >
>>
>> I think some error occurred while uploading the file to the FTP server.
>> It
>> seems truncated (and winrar refuses to decompress it).
>>
>> > I have another question: That system cannot start network sniffing
>> > (message in Event Viewer from Kernel) and winpcap cannot be
>> > initialized from our application either. Our application is a service.
>> > What could be possible reasons of it? Som McAfee or firewall setting
>> > maybe?
>> >
>>
>> If you use WinPcap from within a service, I suggest you to have a look at
>> these slides
>>
>> http://www.cacetech.com/SHARKFEST.08/BoF_Varenni_%20WinPcap%20Do's%20and%20Don'ts.zip
>>
>> in particular slide #9.
>>
>> Hope it helps
>> GV
>>
>>
>>
>> >
>> > Thanks,
>> > -Victor
>> >
>> > On 6/19/08, Gianluca Varenni <gianluca.varenni at cacetech.com> wrote:
>> >
>> > > When your machine crashes, depending on how it's configured, it
>> generates a
>> > > crash dump or minidump. The crash dump is called memory.dmp and it's
>> located
>> > > under c:\windows (it gets overwritten at every crash), the minidumps
>> > > are
>> > > saved in c:\windows\minidump and the name of the file contains the
>> > > date
>> of
>> > > the crash.
>> > >
>> > > It would be great if you can send the minidump directly to me. If a
>> kernel
>> > > dump is generated instead, please zip it and upload it at
>> > > ftp://www.winpcap.org/pub/incoming/
>> > >
>> > > Have a nice day
>> > > GV
>> > >
>> > > ----- Original Message ----- From: "Victor Ginzburg"
>> <vginzburg at gmail.com>
>> > > To: <winpcap-users at winpcap.org>
>> > > Sent: Friday, June 13, 2008 1:54 PM
>> > > Subject: Re: [Winpcap-users] winpcap and McAfee
>> > >
>> > >
>> > >
>> > > > unfortunately the only thing I see after running the memory dump in
>> > > > >
>> WinDbg
>> > > is
>> > > >
>> > > > SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e)
>> > > > ...
>> > > > IMAGE_NAME: ntoskrnl.exe
>> > > >
>> > > > no specific driver mentioned.
>> > > >
>> > > > -Victor
>> > > >
>> > > >
>> > > > On 6/13/08, Richard Horton <richard.horton at solstans.co.uk> wrote:
>> > > >
>> > > > > Victor Ginzburg wrote:
>> > > > > > Has anyone experienced problems with running winpcap on systems
>> > > > > > >
>> > > with
>> > > > > > McAfee antivirus installed, specifically blue screens?
>> > > > > >
>> > > > >
>> > > > > We use McAfee at work and also make very heavy and extensive use
>> > > > > of
>> > > > > both Wireshark + winpcap - no problems with either coexisting on
>> > > > > our
>> > > > > systems.
>> > > > >
>> > > > > Can you provide more info regarding the BSOD - might not help if
>> > > > > its
>> > > > > the usual daft message but may help shed some light on the
>> situation.
>> > > > >
>> > > > > Also how repeatable is the crash? If its repeatable then disable
>> > > > > McAfee and test- just remember to reenable your AV afterwards.
>> > > > >
>> > > > > --
>> > > > > Richard Horton
>> > > > > Users are like a virus: Each causing a thousand tiny crises until
>> the
>> > > > > host finally dies.
>> > > > > http://www.solstans.co.uk - Solstans Japanese Bobtails and
>> > > > > Norwegian
>> > > Forest Cats
>> > > > > http://www.pbase.com/arimus - My online photogallery
>> > > > > _______________________________________________
>> > > > > Winpcap-users mailing list
>> > > > > Winpcap-users at winpcap.org
>> > > > >
>> https://www.winpcap.org/mailman/listinfo/winpcap-users
>> > > > >
>> > > > >
>> > > > _______________________________________________
>> > > > Winpcap-users mailing list
>> > > > Winpcap-users at winpcap.org
>> > > >
>> https://www.winpcap.org/mailman/listinfo/winpcap-users
>> > > >
>> > >
>> > > _______________________________________________
>> > > Winpcap-users mailing list
>> > > Winpcap-users at winpcap.org
>> > > https://www.winpcap.org/mailman/listinfo/winpcap-users
>> > >
>> > >
>> > _______________________________________________
>> > Winpcap-users mailing list
>> > Winpcap-users at winpcap.org
>> > https://www.winpcap.org/mailman/listinfo/winpcap-users
>> >
>>
>> _______________________________________________
>> Winpcap-users mailing list
>> Winpcap-users at winpcap.org
>> https://www.winpcap.org/mailman/listinfo/winpcap-users
>>
> _______________________________________________
> Winpcap-users mailing list
> Winpcap-users at winpcap.org
> https://www.winpcap.org/mailman/listinfo/winpcap-users
More information about the Winpcap-users
mailing list