In trying to track down HTTP protocol errors, we installed Wireshark on 3 Windows 2008 R2 servers. Prior to installing Wireshark, specific HTTP traffic would fail. Immediately upon installing Wireshark, the problematic HTTP traffic worked as expected. Even after uninstalling Wireshark, the initially problematic HTTP traffic continued to work.

I'm wondering if the Wireshark installation makes changes to the IP stack or any existing .dlls. I'd like to compare against the 2008 R2 servers that continue to have HTTP issues. It could just be a coincidence, but I want to confirm.

asked 08 May '13, 14:53 jbright
edited 08 May '13, 17:27 Guy Harris ♦♦

One Answer:
The Windows Wireshark installer runs the WinPcap installer; WinPcap installs a transport driver (which shouldn't affect other parts of the networking stack) and its own DLLs, but doesn't modify any existing DLLs. Wireshark itself does nothing to the networking stack or any system DLLs.

When you uninstalled Wireshark, did you also uninstall WinPcap? (Check whether "WinPcap 4.1.2" is installed.) Perhaps something about WinPcap is making the problem go away. You could try downloading and installing WinPcap on the servers that are still having issues.

answered 08 May '13, 17:26 Guy Harris ♦♦

I uninstalled both Wireshark and WinPcap, so in theory, if either of those magically resolved the issue, the issue would return once they were uninstalled.
(09 May '13, 08:37) jbright

What is the nature of those protocol errors, and what kind of HTTP traffic failed (how did it fail)?