I'm using Wireshark on the Windows 2008 Server PC with to interfaces and Firefront TMG installed on it. And when I start capturing packets with wireshark, it shows only inbound traffic. I tried it on both interfaces.
Is this normal?
asked 06 Jun '12, 05:30
sounds like a similar problem as in this question
Symantec Endpoint Protection prevented wireshark from seeing INCOMING packets. Maybe Firefront TMG does the same for OUTGOING packets in your environment.
Try to sniff on a different machine by using a mirror port on the switch or any other method described in the link below.
answered 06 Jun '12, 12:34
Kurt Knochner ♦
NetDMA and TCP Chimney Offload. Both technologies offload TCP processing to the NIC thereby bypassing the WinPCAP driver. Instructions for disabling: http://support.microsoft.com/kb/951037#LetMeFixItMyselfAlways
answered 05 Jun '13, 08:25
See: Interfering Software
On Windows 7 (64-bit), the SonicWall Global VPN Client (64-bit, version 184.108.40.2066) had to be uninstalled today to resolve a problem with only being able to monitor inbound traffic.
answered 07 Sep '16, 15:35
edited 08 Sep '16, 05:55