Joe, unfortunately, there is no easy solution to the problem. Several VPN clients use a mix of layers to tunnel the traffic (a lot of them use a virtual network miniport and an intermediate driver). WinPcap sits on top of this stack, and quite frequently cannot capture all the traffic going on such virtual interfaces, or rather even block the traffic. This behavior is still not clear to us (and it doesn't seem to be documented anywhere in the Microsoft documentation).
I hate to say that: unfortunately WinPcap does not support such VPN client. Have a nice day GV ----- Original Message ----- From: MORSBACH, JOSEPH R (JOE), ATTOPS To: Community support list for Wireshark Cc: winpcap-bugs2 Sent: Tuesday, November 13, 2007 7:00 AM Subject: [Winpcap-bugs] RE: [Wireshark-users] Starting Wireshark CaptureBlocksNetworkTraffic You're definitely right about it being WinPCap... I get the same result when simply running windump on that interface.. My situation is a little different than the gentleman's that started this thread.. 1) I have NO software firewall running 2) I am using AT&T AGN client 6.3 When attempting to capture, I am capturing on the VPN Interface... I can see the outbound packets but no responses come back... This gives the appearance of network traffic being blocked completely because applications are not getting their responses. Once I stop the capture, normal operation resumes. Joe Morsbach Sr. Technical Specialist AT&T Integrated Mobile Services 908.824.9007 (Single Reach) AIM: sta49fireboy Yahoo!: sta49fireboy ------------------------------------------------------------------------------ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gianluca Varenni Sent: Monday, November 12, 2007 4:28 PM To: Community support list for Wireshark Cc: winpcap-bugs2 Subject: Re: [Wireshark-users] Starting Wireshark Capture BlocksNetworkTraffic This is definitely a WinPcap issue and not a wireshark one (wireshark receives packets from WinPcap). I would say that either the Symantec firewall, the VPN client or the AT&T ipsec client (is that an ipsec client or a firewall) are interacting really badly with the WinPcap protocol driver. Can you please try disabling the AT&T firewall? Also, from which adapter are you trying to capture? The ethernet adapter or on the VPN? Have a nice day GV ----- Original Message ----- From: MORSBACH, JOSEPH R (JOE), ATTOPS To: wireshark-users@wireshark.org Sent: Monday, November 12, 2007 12:03 PM Subject: Re: [Wireshark-users] Starting Wireshark Capture Blocks NetworkTraffic Was there ever resolution to this? I am having the same trouble. Thanks From: David Pruitt <[EMAIL PROTECTED]> Date: Fri, 6 Apr 2007 11:28:18 -0400 AT&T Network Client - IBM Version 5.09.2 Firewall name and version is AT&T IPSec Application version 5.09.2 Service is Managed VPN - IPSec Dual Access Microsoft Windows XP 5.01.2600 SP2 Also have Symantec Client Firewall installed but currently disabled. Thank You! David J. Pruitt "Gianluca Varenni" <[EMAIL PROTECTED]> Sent by: [EMAIL PROTECTED] 04/06/2007 11:13 AM Please respond to Community support list for Wireshark <[EMAIL PROTECTED]> To "Community support list for Wireshark" <[EMAIL PROTECTED]> cc Subject Re: [Wireshark-users] Starting Wireshark Capture Blocks Network Traffic Which VPN client are you using? Have a nice day GV ----- Original Message ----- From: David Pruitt To: [EMAIL PROTECTED] Sent: Friday, April 06, 2007 7:52 AM Subject: [Wireshark-users] Starting Wireshark Capture Blocks Network Traffic Hello, I downloaded and installed Wireshark version 0.99.5 with WinPcap 4.0 and am trying to capture some detailed TCP/IP packet transmissions from my client application connecting via DSL using VPN software to connect to a remote server on my business WAN. Once I start the Wireshark capture, all of my applications on the client side cannot connect to my work network over the VPN connection. I am able to access other web sites not using the VPN. Any suggestions would be appreciated. Thank You! David J. Pruitt ---------------------------------------------------------------------------- _______________________________________________ Wireshark-users mailing list Wireshark-users@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-users ------------------------------------------------------------------------------ _______________________________________________ Winpcap-bugs mailing list [EMAIL PROTECTED] https://www.winpcap.org/mailman/listinfo/winpcap-bugs
_______________________________________________ Wireshark-users mailing list Wireshark-users@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-users
