This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Packet loss after TCP handshake

0

Good morning,

A program is receiving packets, but I'm not seeing anything after the handshake in Wireshark. Is it possible to view this in Wireshark? I appreciate your patience.

asked 11 Dec '15, 07:11

beepboop

edited 11 Dec '15, 07:22

sindy


2 Answers:

1

Before digging in any other direction, please try to deactivate any security/antivirus software running on the machine on which you capture and try again. This type of application often interferes with the capturing process, or even worse, causes mysterious malfunctions of some network communication (which seems not to be your case).

answered 11 Dec '15, 07:26

sindy

1

Are you capturing on Windows Server 2008 or later? If so, read this link, and then see if TCP Chimney is enabled on your system. If it is, either turn it off, or capture from the wire instead of on the server.

Actually, moving your capture point to capture from the wire instead of directly on an endpoint will probably resolve the problem regardless of the cause.

answered 11 Dec '15, 08:44

Jim Aragon