Wireshark · Wireshark-users: Re: [Wireshark-users] Vanishing interface

Wireshark-users: Re: [Wireshark-users] Vanishing interface

Date: Mon, 24 May 2010 20:34:53 -0700

OK.  I have installed 4.1.1 and checked to see if the 'vanishing
interface' problem still happened.  Yes, it does.  But I don't think
that it is largely a Winpcap problem.  I think that I have figured out
what is happening...

My machine has a proxy front end.  After the key exchange, the
TCP/HTTP protocol traffic is forwarded and becomes SSH protocol
traffic.  What I think is happening is that the WAN people are running
multiple DNS queries.  One in the beginning and others later.  Since
the first query produces an IP before I log onto my proxy and the
subsequent query produces a different (yet consistent) IP, they are
dropping the connection.  My proxy is trying to rebound and do another
key exchange, etc. but ultimately, the proxy crashes. Often when this
happens, I have to restart everything.  This is the scenario that I
believe is largely causing the interface to disappear.  The ungraceful
exits.  I believe the problem lies with the extra WAN DNS checks.

I also believe that these WAN activities are causing some malformed
packets as well.

Thanks again

On 5/24/10, M K <gedropi@xxxxxxxxx> wrote:
> Don't know.  I will try and get back with you.  thanks
>
> On 5/24/10, Gianluca Varenni <gianluca.varenni@xxxxxxxxxxxx> wrote:
>> Does 4.1.1 show the same issue?
>>
>> GV
>>
>> --------------------------------------------------
>> From: "M K" <gedropi@xxxxxxxxx>
>> Sent: Monday, May 24, 2010 11:38 AM
>> To: "Community support list for Wireshark"
>> <wireshark-users@xxxxxxxxxxxxx>
>> Subject: Re: [Wireshark-users] Vanishing interface
>>
>>> Typo. 4.0.2  Sorry
>>> On 5/24/10, Gianluca Varenni <gianluca.varenni@xxxxxxxxxxxx> wrote:
>>>> There is no WinPcap 4.2. The latest version is 4.1.1.
>>>>
>>>> Have a nice day
>>>> GV
>>>>
>>>> --------------------------------------------------
>>>> From: "M K" <gedropi@xxxxxxxxx>
>>>> Sent: Monday, May 24, 2010 8:57 AM
>>>> To: "Community support list for Wireshark"
>>>> <wireshark-users@xxxxxxxxxxxxx>
>>>> Subject: Re: [Wireshark-users] Vanishing interface
>>>>
>>>>> I am using 4.2.  Yes, it has happened again but this time I was able
>>>>> to get it back without waiting until the next day.  Thanks
>>>>>
>>>>> On 5/24/10, Gianluca Varenni <gianluca.varenni@xxxxxxxxxxxx> wrote:
>>>>>> This is most probably a WinPcap issue, and not a Wireshark one.
>>>>>>
>>>>>> Which version of WinPcap are you using?
>>>>>> When you encounter the issue, can you please report a bug as
>>>>>> explained
>>>>>> here:
>>>>>>
>>>>>> http://www.winpcap.org/bugs.htm
>>>>>>
>>>>>> Have a nice day
>>>>>> GV
>>>>>>
>>>>>>
>>>>>> --------------------------------------------------
>>>>>> From: "M K" <gedropi@xxxxxxxxx>
>>>>>> Sent: Sunday, May 23, 2010 9:22 AM
>>>>>> To: "Community support list for Wireshark"
>>>>>> <wireshark-users@xxxxxxxxxxxxx>
>>>>>> Subject: [Wireshark-users] Vanishing interface
>>>>>>
>>>>>>> Currently I am using this low-end machine (Windows 2000 OEM, dial
>>>>>>> up)
>>>>>>> for passive monitoring to debug application, firewall, security and
>>>>>>> LAN issues via the generic adaptor & the WAN (PPP/SLIP) interfaces
>>>>>>> working in tandem.  This has worked very well.  Or, at least, until
>>>>>>> yesterday.
>>>>>>>
>>>>>>> Yesterday, somehow I lost the WAN (PPP/SLIP) interface.  Without
>>>>>>> that
>>>>>>> interface, there was no capturing - unless one performs the
>>>>>>> installation of the virtual loopback adapter.
>>>>>>>
>>>>>>> Here is what I did.  When the WAN interface vanished yesterday, I
>>>>>>> attempted to restart the box and then log on with WS.  No Wan
>>>>>>> interface.  Today I booted up and again started up WS.  Today both
>>>>>>> interfaces were back.
>>>>>>>
>>>>>>> Here's my question:  Why did I loose the interface in the first
>>>>>>> place?
>>>>>>> Since this interface originates from the WAN (for which I have no
>>>>>>> visibility) could this be a DCHP lease issue or an ACL issue or ?
>>>>>>>
>>>>>>> Many thanks.
>>>>>>> ___________________________________________________________________________
>>>>>>> Sent via:    Wireshark-users mailing list
>>>>>>> <wireshark-users@xxxxxxxxxxxxx>
>>>>>>> Archives:    http://www.wireshark.org/lists/wireshark-users
>>>>>>> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>>>>>>>
>>>>>>> mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
>>>>>>
>>>>>> ___________________________________________________________________________
>>>>>> Sent via:    Wireshark-users mailing list
>>>>>> <wireshark-users@xxxxxxxxxxxxx>
>>>>>> Archives:    http://www.wireshark.org/lists/wireshark-users
>>>>>> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>>>>>>
>>>>>> mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
>>>>>>
>>>>> ___________________________________________________________________________
>>>>> Sent via:    Wireshark-users mailing list
>>>>> <wireshark-users@xxxxxxxxxxxxx>
>>>>> Archives:    http://www.wireshark.org/lists/wireshark-users
>>>>> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>>>>>
>>>>> mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
>>>>
>>>> ___________________________________________________________________________
>>>> Sent via:    Wireshark-users mailing list
>>>> <wireshark-users@xxxxxxxxxxxxx>
>>>> Archives:    http://www.wireshark.org/lists/wireshark-users
>>>> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>>>>
>>>> mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
>>>>
>>> ___________________________________________________________________________
>>> Sent via:    Wireshark-users mailing list
>>> <wireshark-users@xxxxxxxxxxxxx>
>>> Archives:    http://www.wireshark.org/lists/wireshark-users
>>> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>>>
>>> mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
>>
>> ___________________________________________________________________________
>> Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
>> Archives:    http://www.wireshark.org/lists/wireshark-users
>> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>>
>> mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
>>
>

Follow-Ups:
- Re: [Wireshark-users] Vanishing interface
  - From: M K

References:
- [Wireshark-users] Vanishing interface
  - From: M K
- Re: [Wireshark-users] Vanishing interface
  - From: Gianluca Varenni
- Re: [Wireshark-users] Vanishing interface
  - From: M K
- Re: [Wireshark-users] Vanishing interface
  - From: Gianluca Varenni
- Re: [Wireshark-users] Vanishing interface
  - From: M K
- Re: [Wireshark-users] Vanishing interface
  - From: Gianluca Varenni
- Re: [Wireshark-users] Vanishing interface
  - From: M K

Prev by Date: Re: [Wireshark-users] Vanishing interface
Next by Date: [Wireshark-users] Printing the protocol identification from command line
Previous by thread: Re: [Wireshark-users] Vanishing interface
Next by thread: Re: [Wireshark-users] Vanishing interface
Index(es):
- Date
- Thread