I have two servers that act as application servers. When I run Wireshark on one of the servers, the telnet data packets show up. But when I run Wireshark on the other server, they don't. I can see the TCP handshake but not the data packets. I have uninstalled and reinstalled Wireshark several times. I know the packets are there because a lot of users are using that server and I see the handshakes. What should I look at?

asked 21 Jan '11, 12:02 PAML
One Answer:
Have a look at the settings of the driver of your network card. It is probably configured to do some offloading. That often makes data packets slip past the capturing code. You can find more info on http://wiki.wireshark.org/CaptureSetup/Offloading

answered 21 Jan '11, 12:18 SYN-bit ♦♦
I looked and that option was not there. Both machines have the network cards configured the same. I don't think that is it, thanks for the answer!
Another thing that could be in the way like this is VPN drivers...
These are physical machines, not virtual machines. Is that what you mean?
:-) No, I meant software that makes a Virtual Private Network connection (VPN). They also nest themselves in the networking stack, which can get in the way of the capturing mechanism.
How do I check that? The machines were set up the same, at least that is what the server guys said. LOL