Software that's working together with the network protocol stack at a low level can cause problems together with WinPcap.
Some known problematic software includes:
SonicWALL Global VPN Client, Version 18.104.22.1686: When installed together with WinPcap 3.1, the network interfaces are no longer available (ipconfig /all doesn't show them)
Cisco VPN client: duplicates packets, even if not running (installation is enough to cause problems) - Steve Masters
Cisco VPN client: may hide all packets, even if not connected - disable the firewall in the Cisco VPN client or stop the "Cisco Systems, Inc. VPN Service" -- Matthias Andree
- Citrix DNE Lightweight Driver: May hide outgoing packets - switching it off in the Network Connection properties may resolve the issue
F-Secure Anti-Virus Client Security - disable the firewall part of the suite and it works again. Kim Tiedemann
- Sunbelt Kerio Personal Firewall: Internet connection stops working while capturing, can't browse or anything. Disabling the firewall is not enough. No known workaround at this time.
Check Point VPN1 SecureClient (NGX R60 HFA1 Build 019): Tools>Disable Security Policy
Microsoft Forefront TMG 2010's filter when running on an external network card appears to prevent outbound packets from being captured. http://blogx.co.uk/Comments.asp?Entry=876 and http://ask.wireshark.org/questions/11714/only-inbound-traffic.
McAfee VPN client version McAfee-VPN-Client-22.214.171.12411.exe prevents outbound packet from being captured. The older version, Stonesoft-IPsec-VPN-Client-126.96.36.1998.exe (before Stonesoft was purchased by McAfee) also interferes with Wireshark.
<please append other known problems here>
If you have any such problems, you may contact the WinPcap team directly as the Wireshark developers can't do anything against it.
Is this a Win32 only problem, or are other OS/software combinations also problematic?
I have had this issue on Win64 --Matthew
I had this happen to me using Windows XP Professional, Version 2002, SP2 and SonicWALL Global VPN Clinet, Version 188.8.131.526. This happens with both the 0.10.13 and 0.10.14 downloads of Wireshark. I would be willing to help debug a solution ( email@example.com ).
We (the Wireshark developers) have outsourced Windows NDIS expertise to the WinPcap developers; you should contact them to see if they can work with you on this. --Guy Harris