Wireshark-users: Re: [Wireshark-users] Windows leaking packets that Wireshark doesn't detect!
----- Original Message -----
From: "Joerg Mayer" <jmayer@xxxxxxxxx>
To: "Community support list for Wireshark" <wireshark-users@xxxxxxxxxxxxx>
Sent: Monday, June 18, 2007 8:39 AM
Subject: Re: [Wireshark-users] Windows leaking packets that Wireshark doesn't detect!
On Sun, Jun 17, 2007 at 12:09:55PM +0800, Surg Junk wrote:
A few days ago I noticed on the status page of my wireless connection that I was constantly sending packets, far more packets than I was receiving. Believing this to be suspicious, I ran virus and spyware scans, disabled any unnecessary services, ended any process I knew I didn't require but still couldn't trace the cause of the leaky packets.
I then used Wireshark thinking this would definitely lead me to the source of the packets but having run the scan a number of times, it doesn't produce any results. That's not to say Wireshark isn't working. If I start up Internet Explorer or IRC, Wireshark immediately captures and displays the packets but if I just have Wireshark capturing and nothing else running, I can see the sent packets going up on the wireless connection status page but nothing is captured.
On Windows, Wireshark has problems capturing on wireless interfaces. Maybe that is the problem. Please see http://wiki.wireshark.org/CaptureSetup and then check the wireless link on that page.
Well, if the user is able to capture packets sent by his browser, that might be something else.
One of the things that could cause such issues is NDIS Intermediate drivers. WinPcap sits on top of them, so if you have some IM driver generating traffic on its own, WinPcap won't see it, but the statistics of your network card would probably increase.
Just my two cents
GV
ciao
Joerg
--
Joerg Mayer <jmayer@xxxxxxxxx>
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.
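An added example, not part of the original thread: one way to check GV's point is to compare how many packets the OS counters say were sent during a capture window with how many frames from the local adapter the capture actually recorded. The `netstat -e` snapshots, the `tshark` field output and the MAC addresses below are constructed sample data, and the parser assumes English-language `netstat -e` output.

```python
import re

# Constructed `netstat -e` output (English-language Windows); only the Sent
# column of the two packet rows changes between the snapshots.
TEMPLATE = """Interface Statistics

                           Received            Sent

Bytes                      48211934         9120455
Unicast packets               51230    {uni:>12}
Non-unicast packets            2210    {non:>12}
Discards                          0               0
"""
BEFORE = TEMPLATE.format(uni=40112, non=310)
AFTER = TEMPLATE.format(uni=40952, non=316)

LOCAL_MAC = "00-11-22-33-44-55"  # constructed adapter address
# Constructed `tshark -r capture.pcap -T fields -e eth.src` output for the
# same interval: 40 frames from this host, 55 from a peer.
CAPTURED_SRC = ["00:11:22:33:44:55"] * 40 + ["00:aa:bb:cc:dd:ee"] * 55

ROW = re.compile(r"\s*(?:Unicast|Non-unicast) packets\s+(\d+)\s+(\d+)\s*$")

def sent_packets(netstat_text):
    """Sum the Sent column of the unicast and non-unicast packet rows."""
    return sum(int(m.group(2)) for m in map(ROW.match, netstat_text.splitlines()) if m)

def captured_sent(eth_src_lines, local_mac):
    """Count captured frames whose source MAC is the local adapter."""
    local = local_mac.lower().replace("-", ":")
    return sum(1 for line in eth_src_lines if line.strip().lower() == local)

def unseen_sent(before, after, eth_src_lines, local_mac):
    """Return (sent per OS counters, sent per capture, difference)."""
    counted = sent_packets(after) - sent_packets(before)
    seen = captured_sent(eth_src_lines, local_mac)
    return counted, seen, counted - seen

if __name__ == "__main__":
    counted, seen, gap = unseen_sent(BEFORE, AFTER, CAPTURED_SRC, LOCAL_MAC)
    print(f"counters: {counted} sent, capture: {seen} sent, unseen: {gap}")
    # A large gap means the OS counted frames as sent that the capture did
    # not record. netstat -e sums all adapters, so disable the others (or
    # account for them) before attributing the gap to a lower-layer driver.
```
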