This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Telnet protocol not showing up

0

I have two servers that act as application servers. When I run wireshark on one of the servers the telnet data packets show up. But when I run wireshark on the other server they don't. I can see the TCP handshake but not the data packets. I have uninstalled and reinstalled wireshark several times. I know the packets are there because a lot of users are using that server and I see the handshakes.

What should I look at?

asked 21 Jan '11, 12:02

PAML's gravatar image

PAML
1111
accept rate: 0%


One Answer:

0

Have a look at the settings of the driver of your network card. It is probably configured to do some offloading. That often makes data packets slip past the capturing code.

You can find more info on http://wiki.wireshark.org/CaptureSetup/Offloading

answered 21 Jan '11, 12:18

SYN-bit's gravatar image

SYN-bit ♦♦
17.1k957245
accept rate: 20%

I looked and that option was not there. Both machines have the network cards configured the same. I dont think that is it, thanks for the answer!

(21 Jan '11, 12:31) PAML

Another thing that could be in the way like this are VPN drivers...

(21 Jan '11, 12:38) SYN-bit ♦♦

These are physical machines not virtual machines, is that what you mean?

(21 Jan '11, 12:50) PAML

:-) No, I meant software that makes a Virtual Private Network connection (VPN). They also nest themselves in the Networking stack which can get in the way of the capturing mechanism.

(21 Jan '11, 12:58) SYN-bit ♦♦

how do I check that. The machines were set up the same, at least that is what the server guys said. LOL

(21 Jan '11, 13:02) PAML