Wireshark is open source, you can read its code...

From: Edward C Korsberg 
Sent: Monday, December 17, 2012 11:34 PM
To: [email protected] 
Subject: [Winpcap-users] Odd behavior on failure to receive data from winPcap in some cases

I have an odd situation and will try to explain with detail what I am seeing 
and would really appreciate some help fixing this. 

On 2 pc's my setup is Windows 7 Ultimate, Service Pack 1 and have WinPcap 4.1.2 
and Windows 7 Professional, SP1 and WinPcap 4.1.2 on a third pc. 
The PC's with Windows 7 Ultimate, Service Pack have Symantec EndPoint 
Protection version 11.0.6005.562 
and the Windows 7 Professional, SP1 pc has  Symantec EndPoint Protection 
version 11.0.7000.975 


Prior to several months ago all was working fine.  
But then on 2 of my 3 PC's (win7 Ultimate & symantec 11.0.6005.562) I started 
having problems receiving data via the WinPcap API. 
In my applications I can open a connection/handle to an interface and I can 
successfully transmit data over this interface but all attempts to read/receive 
data result in the application being blocked. 
However I can open Wireshark and successfully receive data on these same pc's 
and interfaces. 

As I mentioned before these applications were working on all my pc's up until 
some months ago.  
I suspect our corporate IT department pushed (via the evil Altiris application) 
some security patch on my pc and then after rebooting these applications no 
longer worked in the aforementioned receive mode. 
Again I need to state that Wireshark can work fine and I assume that Wireshark 
is using the same underlying WinPcap dll/interfaces as my application but maybe 
Wireshark has some secret back door interface I am not aware of. 

I have tried all reasonable combinations of pcap_open, pcap_open_live and using 
the classic pcap_loop vs pcap_next_ex and nothing seems to open up the 
reception of data. 
Symantec EndPoint Protection has the runtime option of disabling protection and 
I have tried this but there is no change in behavior. 

I should note that this errant behavior seems to be independent of the network 
interface I use.  I have 4 different NIC's in my setup (yes a lot) and all 
behave the same. 

My suspicion is that this is related to Symantec EndPoint Protection but then I 
cannot explain why Wireshark would not also be affected by this. 


Ed Korsberg
Rockwell Automation
Mayfield Heights, Ohio 44124
440-646-4456 (phone)
440-646-3076 (fax)
[email protected] 


--------------------------------------------------------------------------------
_______________________________________________
Winpcap-users mailing list
[email protected]
https://www.winpcap.org/mailman/listinfo/winpcap-users