This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Why am i only able to access specific websites while running a packet capture?

0

I am unable to access specific websites like outlook.office365.com (time_out err) except when I am running a packet capture in wireshark2.0. Why? To safe time yes AV scans and malware scans have been ran with no success.

What makes running a packet capture makes this work?

asked 24 Nov '15, 13:14

chicknbroth's gravatar image

chicknbroth
6112
accept rate: 0%

One Answer:

0

What makes running a packet capture makes this work?

Running Wireshark will change two things

  • The interface will be switched into promiscuous mode (listening to MAC addresses other than the hardcoded address of the NIC)

  • WinPcap (the capturing library on Windows - I assume you are running Windows) will inject itself into the network stack to be able to capture network frames

So, one of these two modifications makes your website access work.

  • If it works because of promiscuous mode it could mean, that the reply packets from your internet router will be sent to another machine on the network (another MAC address). This could be caused by a duplicate IP address on the network. Windows should tell you if there is a duplicate IP. Did see those messages?

  • If it works because WinPcap injects itself into the network stack, then it's probably because of some security software (Endpoint security, AV, IPS, VPN client, etc.). Please disable any security software on that system, and repeat the test. We have had numerous similar reports.

Regards
Kurt

answered 24 Nov '15, 16:49

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%