Hello,
I have a mystery to solve and hope someone may have seen this
issue before.
On a Windows 2003 R2 SP2 32-bit system Wireshark cannot see
certain TCP/IP traffic flows. I believe the culprit is the MS
ISA Server client that is running on the system (see
http://en.wikipedia.org/wiki/ISA_Server). As with most things
Microsoft, much about the workings of this product is unknown.
I believe the 'FwcAgent' client daemon hooks itself into the
network protocol stacks and plays various games with traffic.
The missing traffic is invisible to NETMON as well, so AFAIK the
problem is not with Wireshark.
The same traffic is visible on an identically configured server
that is not running 'FwcAgent'.
Can't see Terminal Server RDP traffic for the session over which
the machine is accessed. This traffic flows through the ISA
Server. More importantly cannot see TCP traffic for a
particular application that is connecting to a daemon running on
the same system as the ISA Server. Other TCP traffic is
visible, for example an SMTP session opened from 'telnet'.
Can't risk stopping 'FwcAgent' as access to the system might be
lost.
May need to open a ticket with MS on this, but it seems
reasonable to ask if anyone knows anything about it.
Thanks