On Windows 2008 R2, 64 bit, with HP Teaming interfaces, I watch the UDP requests for my application coming to the interface, but the application never responds although correctly configured. There is a local firewall running on the server which is controlled by Active Directory profile Administrators; I cannot disable it (temporarily), I only have local admin rights. I'm running Wireshark in Portable mode.

The question is: if I see the datagram in Wireshark on the local machine, can I be confident it is passed all the way up the IP stack to the application? In other words, where does the local software firewall sit in the stack relative to Wireshark? Could the local firewall be at fault?

asked 20 Jan '14, 08:54 georgedone
edited 21 Jan '14, 00:58 Guy Harris ♦♦
2 Answers:
To be totally accurate, Wireshark doesn't figure in the networking stack; the component that does that is WinPcap. There are some architecture diagrams on their site, but they don't really show where the drivers fit into the stack, and besides that they are woefully out of date (they list Win 95 through to Win XP as supported OSes). WinPcap is an NDIS 5 driver, so if you can find other documentation (from MS ??) showing where NDIS 5 fits in, that might also help. Other than that you might try the WinPcap support.

answered 20 Jan '14, 09:17 grahamb ♦
No, because the packet could
In the first three cases, you would see the frame in Wireshark, although the application never gets the UDP packet (we have had several similar issues in other questions). Please check if the OS shows an increasing number of dropped frames (netstat -s). Regarding the firewall problem, see the answer of @grahamb.
Well, checking the firewall (config and logs) would have been the first thing I would have done ;-))

Regards

answered 21 Jan '14, 04:16 Kurt Knochner ♦
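
The `netstat -s` check suggested in the answer above, as an added example that is not part of the original thread: it compares two snapshots of the UDP counters taken around a test request and reports which one moved. The sample output is constructed, English-language `netstat -s -p udp` output is assumed, and the meaning given to each counter follows the standard UDP MIB definitions, which is an assumption about how the host reports them.

```python
import re
import subprocess

# Constructed samples in the layout of Windows `netstat -s -p udp` output.
SAMPLE_BEFORE = """
UDP Statistics for IPv4

  Datagrams Received    = 48210
  No Ports              = 310
  Receive Errors        = 4
  Datagrams Sent        = 47102
"""
SAMPLE_AFTER = SAMPLE_BEFORE.replace("= 310", "= 335")

COUNTER_RE = re.compile(r"^\s*(.+?)\s*=\s*(\d+)\s*$")

def parse_udp_stats(text):
    """Return {counter name: value} from the 'UDP Statistics for IPv4' block."""
    stats, in_block = {}, False
    for line in text.splitlines():
        if line.strip() == "UDP Statistics for IPv4":
            in_block = True
        elif in_block:
            m = COUNTER_RE.match(line)
            if m:
                stats[m.group(1)] = int(m.group(2))
            elif line.strip() and stats:
                break  # reached the next section header
    return stats

def snapshot():
    """Live counters; call twice around a test request on the affected host."""
    out = subprocess.check_output(["netstat", "-s", "-p", "udp"], text=True)
    return parse_udp_stats(out)

def delta(before, after):
    return {name: after[name] - before[name] for name in after if name in before}

def diagnose(d):
    """Interpretation assumes the standard UDP MIB meaning of each counter."""
    if d.get("No Ports", 0) > 0:
        return "no-listener"      # reached UDP, but nothing bound to the port
    if d.get("Receive Errors", 0) > 0:
        return "receive-errors"   # reached UDP, could not be delivered
    if d.get("Datagrams Received", 0) > 0:
        return "delivered"        # handed to a socket; look at the application
    return "not-counted"          # never reached UDP: dropped lower in the stack

if __name__ == "__main__":
    d = delta(parse_udp_stats(SAMPLE_BEFORE), parse_udp_stats(SAMPLE_AFTER))
    print(d, diagnose(d))
```

Other UDP traffic on the host moves the same counters, so take the two snapshots closely around a single test request.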