Wireshark · Wireshark-users: Re: [Wireshark-users] Question about Wireshark and the Windows Firewall

[David Aldrich <David.Aldrich@xxxxxxxxxxxx>]

Thanks for your answer. The problem is now resolved - the firewall rules were incorrectly setup. Group policy does not allow me to disable the firewall so it was harder to diagnose.

David

 

 

From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Tim.Poth@xxxxxxxxxxx
Sent: 02 March 2012 13:30
To: wireshark-users@xxxxxxxxxxxxx
Subject: Re: [Wireshark-users] Question about Wireshark and the Windows Firewall

 

Winpcap is what grabs the packets for Wireshark and it does see traffic before its evaluated by the windows firewall. If you are concerned about the firewall eating the traffic try turning it off and testing. Some endpoint protection products also can eat network traffic, if you have anything like that loaded you might want to look at its logs / config.

Hope that helps

tim

 

From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of David Aldrich
Sent: Friday, March 02, 2012 3:21 AM
To: wireshark-users@xxxxxxxxxxxxx
Subject: [Wireshark-users] Question about Wireshark and the Windows Firewall

 

Hi

We have written a 32-bit console application using Visual C++ Express 2008 that receives UDP packets on port 30000 from another (non-Windows) machine. When running on Windows XP our app receives the packets, but when running on Windows 7 it does not. I have configured Windows Firewall to open ports 30000-30002 to our application, so the packets should not be blocked.

 

Wireshark shows that the packets are indeed arriving at the PC.  What I am not sure of is whether they are getting through the firewall.  On what side of the firewall does Wireshark snoop?  If the packets are listed on Wireshark does it mean that they have got through the firewall?

Any suggestions or answers would be appreciated.

Best regards

David

 

Click here to report this email as spam.