This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Capturing TCP handshake but no data traffic

0

I have an application that listens on port 6001. An interface will send something to the port and my software should acknowledge it via application layer protocol, but doesn't. It works in my test environment, but doesn't work at my client site. In wireshark at the client side, I see the tcp handshake but no data traffic. In the test environment, I see the tcp handshake but no data traffic. Any ideas?

I know Windows comes with a built-in tool called netsh. With netsh, you can capture traffic. I'm going to see if I see data packets in netsh using the following command while I wait for a response: “Netsh trace start scenario=NetConnection capture=yes report=yes persistent=no maxsize=1024 correlation=yes traceFile=C:\Logs\NetTrace.etl”

asked 12 Aug '15, 17:09

alan1337's gravatar image

alan1337
6223
accept rate: 0%

converted to question 12 Aug '15, 20:09

Guy%20Harris's gravatar image

Guy Harris ♦♦
17.4k335196


One Answer:

0

This sounds exactly like the question to which your question was originally posted as a comment (this is a Q&A site, not a forum; each question should be asked separately, so users can search for it before asking questions themselves).

As per the answer to that question, "Sounds like TCP Chimney to me..." If TCP Chimney is on for the interface on which you're capturing, try turning it off.

answered 12 Aug '15, 20:13

Guy%20Harris's gravatar image

Guy Harris ♦♦
17.4k335196
accept rate: 19%