Wireshark-users: Re: [Wireshark-users] Windows leaking packets that Wiresharkdoesn't detect!
From: "Gianluca Varenni" <gianluca.varenni@xxxxxxxxxxxx>
Date: Mon, 18 Jun 2007 13:26:20 -0700

----- Original Message ----- From: "Joerg Mayer" <jmayer@xxxxxxxxx>
To: "Community support list for Wireshark" <wireshark-users@xxxxxxxxxxxxx>
Sent: Monday, June 18, 2007 8:39 AM
Subject: Re: [Wireshark-users] Windows leaking packets that Wiresharkdoesn't detect!


On Sun, Jun 17, 2007 at 12:09:55PM +0800, Surg Junk wrote:
A few days ago I noticed on the status page of my wireless connection that I
was constantly sending packets, far more packets than I was receiving.
Believing this to be suspicious I ran virus and spyware scans, disabled any
unnecessary services, ended any process I knew I didn't require but still
couldn't trace the cause of the leaky packets.

I then used wireshark thinking this would definitely lead me to the source of the packets but having ran the scan a number of times, it doesn't produce
any results. That's not to say wireshark isn't working. If I start up
internet explorer or irc, wireshark immediately captures and displays the
packets but if I just have wireshark capturing and nothing else running, I can see the sent packets going up on the wireless connection status page but
nothing is captured.

On windows, wireshark has problems capturing on wireless interfaces.
Maybe that is the problem. Please see
http://wiki.wireshark.org/CaptureSetup and then check the wireless
link on that page.


Well, if the user is able to capture packets sent by his browser, that might be something else. One of the things that could cause such issues is NDIS Intermediate drivers. WinPcap sits on top of them, so if you have some IM driver generating traffic on its own, WinPcap won't see it, but the statistics of your network card would probably increase.

Just my two cents
GV






ciao
     Joerg
--
Joerg Mayer                                           <jmayer@xxxxxxxxx>
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.
_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users