Wireshark missing/not captured packets in TCP Client-Server Communication

asked 2023-10-23 11:52:36 +0000

Ahz

Hey everyone,

I've successfully captured a server-client data communication. I've observed the client initiating a TCP communication with the server, querying whether a specific serial number is in a database, and receiving a plain text response. However, I couldn't capture the packets containing the subsequent data exchange, even though they were definitely sent. I only received, later in the process, some messages indicating that the transmission was successful.

Any insights into why Wireshark might have missed capturing those packets would be greatly appreciated.

Here are my considerations:

Encryption Issues: While encryption problems could be a factor, the clear text response contradicts this notion. Additionally, if encryption were the issue, one would expect to receive some unreadable data, but there was no data received at all.

Firewall/Antivirus or other software messing with Wireshark: If firewall or antivirus interference were the culprit, it should have affected the reception of the plain text response too. However, this did not happen, leaving me puzzled.

Wireshark Overload: The possibility of Wireshark being overwhelmed due to a high volume of client queries (there are some other clients communicating with the server) may be the issue here. This could explain the missed packets related to the subsequent data exchange. However, I remain uncertain about the validity of this hypothesis.

Thanks in advance!

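As an added illustration (not code from the original question or from Wireshark), here is a pure-Python check that, given the segments of one TCP connection in capture order, reports where the sequence numbers jump forward. A forward jump means the peer sent bytes the capture never recorded, which is the condition Wireshark flags as "TCP Previous segment not captured" (display filter `tcp.analysis.lost_segment`). The addresses and sequence numbers below are constructed, and sequence-number wraparound is ignored.

```python
from dataclasses import dataclass

SYN, FIN, ACK = 0x02, 0x01, 0x10


@dataclass
class Segment:
    src: str          # "ip:port" of the sender
    dst: str          # "ip:port" of the receiver
    seq: int          # relative sequence number, as Wireshark displays it
    payload_len: int  # TCP payload bytes in this segment
    flags: int = ACK


def find_capture_gaps(segments):
    """Return (src, dst, expected_seq, seen_seq) for every forward jump in a
    direction's sequence space. Retransmissions and out-of-order segments
    (seq below what was expected) are tolerated and never counted as gaps.
    Assumes relative sequence numbers that do not wrap around 2**32."""
    next_seq = {}  # (src, dst) -> next sequence number we expect to see
    gaps = []
    for s in segments:
        key = (s.src, s.dst)
        # SYN and FIN each consume one sequence number in addition to payload.
        consumed = s.payload_len + bool(s.flags & SYN) + bool(s.flags & FIN)
        if key in next_seq and s.seq > next_seq[key]:
            gaps.append((s.src, s.dst, next_seq[key], s.seq))
        next_seq[key] = max(next_seq.get(key, 0), s.seq + consumed)
    return gaps


# Constructed sample modelling the situation in the question: handshake, the
# serial-number query and its plain-text reply are captured, the bulk data
# exchange is not, and the later "transmission successful" messages reappear
# with sequence numbers far ahead of what the capture last saw.
CLIENT, SERVER = "10.0.0.5:50000", "10.0.0.1:5000"
SAMPLE = [
    Segment(CLIENT, SERVER, 0, 0, SYN),
    Segment(SERVER, CLIENT, 0, 0, SYN | ACK),
    Segment(CLIENT, SERVER, 1, 0),
    Segment(CLIENT, SERVER, 1, 40),      # query: is serial number in DB?
    Segment(SERVER, CLIENT, 1, 20),      # plain-text reply
    Segment(CLIENT, SERVER, 4141, 30),   # "transfer OK" message, gap before it
    Segment(SERVER, CLIENT, 8221, 10),   # server's confirmation, gap before it
]

if __name__ == "__main__":
    for src, dst, expected, seen in find_capture_gaps(SAMPLE):
        print(f"{src} -> {dst}: {seen - expected} bytes sent but not captured "
              f"(expected seq {expected}, next captured seq {seen})")
```

If a gap shows up here (or under `tcp.analysis.lost_segment` in Wireshark) while the endpoints never reported retransmissions, the bytes were sent on the wire and lost on the capturing side; the capture file's "dropped packets" counter in the capture file properties is the next thing to check.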

Comments

Did you have any capture filters? That is a likely cause of "missing" packets in an otherwise normal connection.

grahamb (2023-10-23 13:57:09 +0000)

No, I had no filters enabled.

Ahz (2023-10-23 14:05:22 +0000)