This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Does Wireshark see packages blocked by Firewall or F-Secure?

0

Hi I'm an occasional user of Wireshark to trouble shoot networking problems in private environments.

Due to a current problem, I'm wondering what packets Wireshark can see when capturing traffic which might get blocked by either a local firewall (Windows 7) or some internet security software such as F-Secure Internet Security with its Broser Protection.

I understand the latter is very specific to the security product, but maybe some has some knowledge on this part, too.

Suppose there is a software (not a browser) running on my PC that is retrieving data from a server using HTTP protocol.

a) Would Wireshark be able to capture packets sent out if the Windows Firewall would block this outgoing traffic?

b) Would Wireshark be able to capture packets received from the server if the Windows Firewall would block this incomming traffic?

c) Would Wireshark be able to capture packets received from the server if the Windows Firewall would let them through, but "Browser Protection" decides to block that traffic.

Any insight is appreciated. Thanks Peter

asked 23 Nov '14, 03:20

phunsoft's gravatar image

phunsoft
11113
accept rate: 0%


One Answer:

1

In a win7 environment it is winpcap that is actually capturing traffic not wireshark itself. On the inbound path that packets are captured before any local FW / Security Software sees them. On the outbound path it is after the FW/Security. So if the FW blocks outbound traffic you won't see it.

Regards Matthias

answered 24 Nov '14, 04:09

mrEEde's gravatar image

mrEEde
3.9k152270
accept rate: 20%

Hi Matthias, Just the answer I've been looking for! Thanks a lot.

Regards Peter

(24 Nov '14, 04:22) phunsoft