Hello All, Recently I have encountered a very strange phenomenon happens on one of our new servers.
Server details: IBM XSeries_3550, Intel Xeon CPU 5130 @ 2 ghz Network Card: Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client) WinPCap 4 Wireshark: 0.99.5 When sniffing network traffic with Wireshark, I can see only the TCP 3-way handshake captured but not the traffic itself afterwards. This happens using any winsock application including Internet explorer and such , see attached: Browsing_through_iexplore.cap The most bizarre thing is that if I am doing "telnet" to the same web server and passing data through the connection I can indeed see the traffic, see: Browsing_through_telnet.cap I thought at first it could be a running Antivirus application or such that at some level captures the network traffic to analyze viruses before it reaches winpcap but I doubt it because no such application exist on the server. I think the problem got more to do with WinPCap but still if someone has a clue that would be great :) Any thoughts around this ?
Browsing_through_iexplore.cap
Description: Binary data
Browsing_through_telnet.cap
Description: Binary data
_______________________________________________ Wireshark-users mailing list Wireshark-users@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-users
