Wireshark-users: Re: [Wireshark-users] Understanding what I'm seeing
From: Chad Webb <Chad.Webb@xxxxxxxx>
Date: Thu, 11 Oct 2007 09:38:01 -0500
EUREKA!!!!!

I removed the Symantec Client VPN application, Wireshark and
WinPcap....reinstalled Wireshark and WinPcap and "I can see clearly
now".  I had looked through the Symantec Client VPN app before to turn
off the internal firewall, but that didn't help.  Maybe on install the
application does something to the driver that Wireshark doesn't like.

Thanks to all who weighed in with suggestions......I appreciate the effort.

-Chad

Chad Webb said the following on 10/11/2007 9:25 AM:
> Thanks for the response.  The reason I don't think it is the switch
> configuration is because I'm seeing the same result on 4 different
> switches (3 different 3560Gs and one 3550).  I don't handle the Windows
> patching/installation and I believe something has been added/patched on
> my laptop (wireshark installation) to produce these results.  This is
> also the first time trying this since upgrading from 0.99.5 -> 0.99.6a.
>  I'm going to remove a few pieces of software from the system running
> Wireshark (to include removing WinPcap and Wireshark) and reinstall
> Wireshark to see if that changes anything.
> 
> 
> 
> Giles Coochey said the following on 10/11/2007 4:47 AM:
>>> When http attempt is made to www.4thegame.com (213.160.120.1) all I
>> see
>>> is:
>>>
>>> Source		Destination	Protocol	Info
>>> 127.0.0.1	213.160.120.1	ICMP		Echo (ping) request
>>>
>>>
>> There is definitely something wrong with your network. You should never,
>> ever see a loopback address on an actual wire.
>>
>> You are capturing on the right interface I take it?
>>
>> I would probably uninstall both WinPcap and Wireshark and re-install.
>>
>> The other time I had a problem with this type of thing I downloaded the
>> backtrack Linux iso (live cd) and ran Wireshark from that (to eliminate
>> Windows XP from the problem).
>>
>> http://www.remote-exploit.org/backtrack.html
>>
>> _______________________________________________
>> Wireshark-users mailing list
>> Wireshark-users@xxxxxxxxxxxxx
>> http://www.wireshark.org/mailman/listinfo/wireshark-users
> 

-- 
Chad S. Webb
Systems Administrator
General Dynamics Information Technology
NOAA\NESDIS\NCDDC
Bldg 1100 Rm 117
Stennis Space Center, MS 39529
Voice: 228.688.3808
Email: Chad.Webb@xxxxxxxx; chad.webb@xxxxxxxx
www.gdit.com