This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Outbound Packets not captured

0

I know this question has been asked here many times but I found no convincing answer as to the root cause of it. When capturing, outbound packets are not captured when the NIC has DNE LightWeight Filter enabled. DNE is required for my SonicWALL VPN client. My question is 1) What is the reason for this 2) Is there a workaround to capture outbound packets without disabling DNE LightWeight Filter. Any help would be appreciated.

asked 10 Jan '14, 00:14

Budao's gravatar image

Budao
11113
accept rate: 0%

edited 15 Jan '14, 07:04

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237

One Answer:

0

Please try the following

  • uninstall Wireshark, including WinPcap (the later is actually more important)
  • uninstall the VPN client
  • Reboot
  • re-install Wireshark + WinPcap
  • then re-install the VPN client

the order of installation is important. WinPcap first, then the VPN client including DNE.

Please report back if it works on your system.

If not, your options are:

  • disable DNE
  • Boot the system with a Linux CD and run Wireshark there

Regards
Kurt

answered 10 Jan '14, 14:44

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

Hi Kurt,

Thanks for taking time to answer my question. I followed your instructions but the issue remains. Disabling DNE is difficult because I use the SonicWALL VPN Client all the time. As for the second option, I use Wireshark extensively and I don't think that's a better option. Any more ideas?

(15 Jan '14, 09:14) Budao

You could try to capture the traffic with Microsoft Network Monitor (maybe that's compatible with DNE), or it's successor MessageAnalyzer and use Wireshark only to analyze the frames.

(15 Jan '14, 09:58) Kurt Knochner ♦