Is the server multi-homed?
Robert
-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of John Temples
Sent: Tuesday, March 04, 2008 4:27 PM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Wireshark only capturing TCP handshake
The firewall is a dedicated appliance. It is not software running on
the Windows 2003 system.
On Tue, 4 Mar 2008, Jaap Keuter wrote:
> Hi,
>
> Let me ask you: The firewall is on the troubled platform? And this
firewall
> has rules for incoming non-local connections? Bet your firewall is
interfering
> in the network stack.
>
> Thanx,
> Jaap
>
> John Temples wrote:
>> I'm trying to capture some incoming HTTP connections with Wireshark
>> 0.99.8 on a Windows Server 2003 system. The only thing Wireshark
>> captures is the three packets in the three-way handshake of the TCP
>> connection; no other packets related to the connection are captured.
>> However, the connection completes successfully. No capture filter is
>> active in Wireshark.
>>
>> When running Wireshark on the PC that originates the connection, the
>> entire transaction is successfully captured on the originating PC.
>>
>> When the connection originates from a PC on the same LAN as the
>> Windows 2003 Server system, Wireshark on the Windows 2003 Server
>> system successfully captures the entire transaction.
>>
>> The problem only occurs when the connection originates from the
>> Internet. The LAN in question has a SonicWALL firewall with no
>> special configuration.
>>
>> What could cause Wireshark not to see the entire connection?
>>
>> --
>> John W. Temples, III
>
> _______________________________________________
> Wireshark-users mailing list
> Wireshark-users@xxxxxxxxxxxxx
> http://www.wireshark.org/mailman/listinfo/wireshark-users
--
John W. Temples, III
_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users
