Wireshark mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Vanishing interface

From: M K <gedropi () gmail com>
Date: Mon, 24 May 2010 20:34:53 -0700
OK.  I have installed 4.1.1 and checked to see if the 'vanishing
interface' problem still happened.  Yes, it does.  But I don't think
that it is largely a Winpcap problem.  I think that I have figured out
what is happening...

My machine has a proxy front end.  After the key exchange, the
TCP/HTTP protocol traffic is forwarded and becomes SSH protocol
traffic.  What I think is happening is that the WAN people are running
multiple DNS queries.  One in the beginning and others later.  Since
the first query produces an IP before I log onto my proxy and the
subsequent query produces a different (yet consistent) IP, they are
dropping the connection.  My proxy is trying to rebound and do another
key exchange, etc. but ultimately, the proxy crashes. Often when this
happens, I have to restart everything.  This is the scenario that I
believe is largely causing the interface to disappear.  The ungraceful
exits.  I believe the problem lies with the extra WAN DNS checks.

I also believe that these WAN activities are causing some malformed
packets as well.

Thanks again

On 5/24/10, M K <gedropi () gmail com> wrote:

Don't know.  I will try and get back with you.  thanks

On 5/24/10, Gianluca Varenni <gianluca.varenni () cacetech com> wrote:

Does 4.1.1 show the same issue?

GV

--------------------------------------------------
From: "M K" <gedropi () gmail com>
Sent: Monday, May 24, 2010 11:38 AM
To: "Community support list for Wireshark"
<wireshark-users () wireshark org>
Subject: Re: [Wireshark-users] Vanishing interface


Typo. 4.0.2  Sorry
On 5/24/10, Gianluca Varenni <gianluca.varenni () cacetech com> wrote:

There is no WinPcap 4.2. The latest version is 4.1.1.

Have a nice day
GV

--------------------------------------------------
From: "M K" <gedropi () gmail com>
Sent: Monday, May 24, 2010 8:57 AM
To: "Community support list for Wireshark"
<wireshark-users () wireshark org>
Subject: Re: [Wireshark-users] Vanishing interface


I am using 4.2.  Yes, it has happened again but this time I was able
to get it back without waiting until the next day.  Thanks

On 5/24/10, Gianluca Varenni <gianluca.varenni () cacetech com> wrote:

This is most probably a WinPcap issue, and not a Wireshark one.

Which version of WinPcap are you using?
When you encounter the issue, can you please report a bug as
explained
here:

http://www.winpcap.org/bugs.htm

Have a nice day
GV


--------------------------------------------------
From: "M K" <gedropi () gmail com>
Sent: Sunday, May 23, 2010 9:22 AM
To: "Community support list for Wireshark"
<wireshark-users () wireshark org>
Subject: [Wireshark-users] Vanishing interface


Currently I am using this low-end machine (Windows 2000 OEM, dial
up)
for passive monitoring to debug application, firewall, security and
LAN issues via the generic adaptor & the WAN (PPP/SLIP) interfaces
working in tandem.  This has worked very well.  Or, at least, until
yesterday.

Yesterday, somehow I lost the WAN (PPP/SLIP) interface.  Without
that
interface, there was no capturing - unless one performs the
installation of the virtual loopback adapter.

Here is what I did.  When the WAN interface vanished yesterday, I
attempted to restart the box and then log on with WS.  No Wan
interface.  Today I booted up and again started up WS.  Today both
interfaces were back.

Here's my question:  Why did I loose the interface in the first
place?
Since this interface originates from the WAN (for which I have no
visibility) could this be a DCHP lease issue or an ACL issue or ?

Many thanks.
___________________________________________________________________________
Sent via:    Wireshark-users mailing list
<wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users

mailto:wireshark-users-request () wireshark org?subject=unsubscribe


___________________________________________________________________________
Sent via:    Wireshark-users mailing list
<wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users

mailto:wireshark-users-request () wireshark org?subject=unsubscribe


___________________________________________________________________________
Sent via:    Wireshark-users mailing list
<wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users

mailto:wireshark-users-request () wireshark org?subject=unsubscribe


___________________________________________________________________________
Sent via:    Wireshark-users mailing list
<wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users

mailto:wireshark-users-request () wireshark org?subject=unsubscribe


___________________________________________________________________________
Sent via:    Wireshark-users mailing list
<wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users

mailto:wireshark-users-request () wireshark org?subject=unsubscribe


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users

mailto:wireshark-users-request () wireshark org?subject=unsubscribe




___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Previous By Date Next
Previous By Thread Next

Current thread: