Hi. I'm using Wireshark on a Windows 2008 Server PC with two interfaces and Forefront TMG installed on it. When I start capturing packets with Wireshark, it shows only inbound traffic. I tried it on both interfaces. Is this normal?
asked 06 Jun '12, 05:30 SKamil
3 Answers:
Sounds like a similar problem as in this question.
Symantec Endpoint Protection prevented Wireshark from seeing INCOMING packets. Maybe Forefront TMG does the same for OUTGOING packets in your environment.
See also: http://wiki.wireshark.org/CaptureSetup/InterferingSoftware
Try to sniff on a different machine by using a mirror port on the switch or any other method described in the link below.
Regards
answered 06 Jun '12, 12:34 Kurt Knochner ♦
NetDMA and TCP Chimney Offload. Both technologies offload TCP processing to the NIC, thereby bypassing the WinPcap driver.
Instructions for disabling: http://support.microsoft.com/kb/951037#LetMeFixItMyselfAlways
answered 05 Jun '13, 08:25 AbraCadaver
See: Interfering Software
On Windows 7 (64-bit), the SonicWall Global VPN Client (64-bit, version 4.9.9.1016) had to be uninstalled today to resolve a problem with only being able to monitor inbound traffic.
answered 07 Sep '16, 15:35 kbulgrien, edited 08 Sep '16, 05:55
Uninstalling the Global VPN fixed our issue too. Thanks.
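To confirm the symptom discussed in this thread before and after removing the interfering software, the following added example (not code from any of the posts above) counts frames per direction in a saved capture and flags a one-way capture. It assumes a classic pcap file (not pcapng) with Ethernet framing; the MAC addresses and sample captures are constructed, and the function names are hypothetical.

```python
import struct

def direction_counts(pcap_bytes, local_mac):
    """Count Ethernet frames sent by / addressed to local_mac in a classic pcap."""
    magic = pcap_bytes[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif magic == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic microsecond pcap (pcapng is not handled)")
    if struct.unpack(endian + "I", pcap_bytes[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (linktype 1) are handled")
    local = bytes.fromhex(local_mac.replace(":", "").replace("-", ""))
    counts = {"inbound": 0, "outbound": 0, "other": 0}
    offset = 24                                   # skip the 24-byte global header
    while offset + 16 <= len(pcap_bytes):
        # Record header: ts_sec, ts_usec, incl_len, orig_len (4 bytes each)
        incl_len = struct.unpack(endian + "I", pcap_bytes[offset + 8:offset + 12])[0]
        frame = pcap_bytes[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        if len(frame) >= 14 and frame[6:12] == local:    # source MAC is ours
            counts["outbound"] += 1
        elif len(frame) >= 14 and frame[0:6] == local:   # destination MAC is ours
            counts["inbound"] += 1
        else:
            counts["other"] += 1                  # broadcast, multicast, truncated
    return counts

def is_one_way(counts):
    """True when unicast traffic for the local MAC was seen in one direction only."""
    seen = counts["inbound"] + counts["outbound"]
    return seen > 0 and 0 in (counts["inbound"], counts["outbound"])

# Constructed sample data: assumed MAC addresses, minimal 60-byte IPv4 frames.
LOCAL, PEER = "00:11:22:33:44:55", "66:77:88:99:aa:bb"

def build_pcap(pairs):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for src, dst in pairs:
        frame = bytes.fromhex((dst + src).replace(":", "")) + b"\x08\x00" + b"\x00" * 46
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

INBOUND_ONLY = build_pcap([(PEER, LOCAL)] * 3)
BOTH_WAYS = build_pcap([(PEER, LOCAL), (LOCAL, PEER), (PEER, LOCAL)])

if __name__ == "__main__":
    for name, cap in (("inbound only", INBOUND_ONLY), ("both ways", BOTH_WAYS)):
        c = direction_counts(cap, LOCAL)
        print(name, c, "ONE-WAY CAPTURE" if is_one_way(c) else "ok")
```

For a real capture, save it from Wireshark in the pcap format, read the file in binary mode, and pass the MAC address of the capturing interface.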