Wireshark-users: Re: [Wireshark-users] Packet Capture & Personal Firewalls
Date Index · Thread Index · Other Months · All Mailing Lists
Date Prev · Date Next · Thread Prev · Thread Next
From: Randy.Grein@xxxxxxxxxxxxxx
Date: Mon, 2 Jul 2007 08:20:28 -0700
I checked wireshark on XP and Ethereal on Mac OS 10.4; both continue to 
receive packets with the firewall turned on and in 'full' blocking mode. I 
didn't test services on the workstations as Apple explicitly requires 
these services to be turned off when blocking those ports with the 
firewall.

Randy Grein
Network Engineer



"Keith French" <keithfrench@xxxxxxxxxxxxx> 
Sent by: wireshark-users-bounces@xxxxxxxxxxxxx
06/29/2007 01:58 PM
Please respond to
Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx>


To
"Community support list for Wireshark" <wireshark-users@xxxxxxxxxxxxx>
cc

Subject
Re: [Wireshark-users] Packet Capture & Personal Firewalls






Randy,

That is the problem I have at work as well, can't disable the firewall.

Keith.
----- Original Message ----- 
From: <Randy.Grein@xxxxxxxxxxxxxx>
To: "Community support list for Wireshark" <wireshark-users@xxxxxxxxxxxxx>
Sent: Friday, June 29, 2007 3:43 PM
Subject: Re: [Wireshark-users] Packet Capture & Personal Firewalls


> Depends. IIRC the NIC may be in promiscuous mode and pass all packets up
> the stack, but the firewall sits between it and the application. Hence
> packets will be filtered. I can't test this at work to verify as we have
> the firewall controlled by a group policy, but I can check when I get
> home.
>
> Randy Grein
> Network Engineer
>
>
>
> "Keith French" <keithfrench@xxxxxxxxxxxxx>
> Sent by: wireshark-users-bounces@xxxxxxxxxxxxx
> 06/28/2007 08:27 AM
> Please respond to
> Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx>
>
>
> To
> "Wireshark-Users" <wireshark-users@xxxxxxxxxxxxx>
> cc
>
> Subject
> [Wireshark-users] Packet Capture & Personal Firewalls
>
>
>
>
>
>
> I thought this did not matter as Wireshark puts the NIC card in
> promiscuous mode and hence the IP address of the PC is irrelevant unless
> you want to things such as pings. However, some people think otherwise.
>
> Are there any problems doing a capture on a WinXP machine that has a
> personal firewall such as ZoneAlarm running on it?
> _______________________________________________
> Wireshark-users mailing list
> Wireshark-users@xxxxxxxxxxxxx
> http://www.wireshark.org/mailman/listinfo/wireshark-users
>
>
>
> - -------------------------
>
> CONFIDENTIALITY NOTICE: The information in this message may be 
proprietary 
> and/or confidential, and is intended only for the use of the 
individual(s) 
> to whom this email is addressed.  If you are not the intended recipient, 

> you are hereby notified that any use, dissemination, distribution or 
> copying of this communication is strictly prohibited. If you have 
received 
> this communication in error, please notify us immediately by replying to 

> this email and deleting this email from your computer.  Nothing 
contained 
> in this email or any attachment shall satisfy the requirements for 
> contract formation or constitute an electronic signature.
> _______________________________________________
> Wireshark-users mailing list
> Wireshark-users@xxxxxxxxxxxxx
> http://www.wireshark.org/mailman/listinfo/wireshark-users
>


--------------------------------------------------------------------------------


No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.5.476 / Virus Database: 269.9.14/880 - Release Date: 29/06/2007 

14:15

_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users



- -------------------------

CONFIDENTIALITY NOTICE: The information in this message may be proprietary and/or confidential, and is intended only for the use of the individual(s) to whom this email is addressed.  If you are not the intended recipient, you are hereby notified that any use, dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to this email and deleting this email from your computer.  Nothing contained in this email or any attachment shall satisfy the requirements for contract formation or constitute an electronic signature.