Hello, I have a mystery to solve and hope someone may have seen this issue before.
On a Windows 2003 R2 SP2 32-bit system Wireshark cannot see certain TCP/IP traffic flows. I believe the culprit is the MS ISA Server client that is running on the system (see http://en.wikipedia.org/wiki/ISA_Server). As with most things Microsoft, much about the workings of this product is unknown. I believe the 'FwcAgent' client daemon hooks itself into the network protocol stacks and plays various games with traffic.

The missing traffic is invisible to NETMON as well, so AFAIK the problem is not with Wireshark. The same traffic is visible on an identically configured server that is not running 'FwcAgent'.

Can't see Terminal Server RDP traffic for the session over which the machine is accessed. This traffic flows through the ISA Server. More importantly, cannot see TCP traffic for a particular application that is connecting to a daemon running on the same system as the ISA Server. Other TCP traffic is visible, for example an SMTP session opened from 'telnet'.

Can't risk stopping 'FwcAgent' as access to the system might be lost. May need to open a ticket with MS on this, but it seems reasonable to ask if anyone knows anything about it.

Thanks
