If it's not a firewall problem (e.g. because the firewall is a specific piece of hardware on the LAN, and not a software product), another possibility is TCP chimney, i.e. your network card performs TCP offloading. In this case the card is responsible for dealing with the TCP sessions almost completely and WinPcap/Wireshark do not see the packets.
Have a nice day GV ----- Original Message ----- From: "Jaap Keuter" <[EMAIL PROTECTED]> To: "Community support list for Wireshark" <wireshark-users@wireshark.org> Sent: Tuesday, March 04, 2008 1:20 PM Subject: Re: [Wireshark-users] Wireshark only capturing TCP handshake > Hi, > > Let me ask you: The firewall is on the troubled platform? And this > firewall > has rules for incoming non-local connections? Bet your firewall is > interfering > in the network stack. > > Thanx, > Jaap > > John Temples wrote: >> I'm trying to capture some incoming HTTP connections with Wireshark >> 0.99.8 on a Windows Server 2003 system. The only thing Wireshark >> captures is the three packets in the three-way handshake of the TCP >> connection; no other packets related to the connection are captured. >> However, the connection completes successfully. No capture filter is >> active in Wireshark. >> >> When running Wireshark on the PC that originates the connection, the >> entire transaction is successfully captured on the originating PC. >> >> When the connection originates from a PC on the same LAN as the >> Windows 2003 Server system, Wireshark on the Windows 2003 Server >> system successfully captures the entire transaction. >> >> The problem only occurs when the connection originates from the >> Internet. The LAN in question has a SonicWALL firewall with no >> special configuration. >> >> What could cause Wireshark not to see the entire connection? >> >> -- >> John W. Temples, III > > _______________________________________________ > Wireshark-users mailing list > Wireshark-users@wireshark.org > http://www.wireshark.org/mailman/listinfo/wireshark-users _______________________________________________ Wireshark-users mailing list Wireshark-users@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-users
