Wireshark mailing list archives

Re: Question about Wireshark and the Windows Firewall


From: David Aldrich <David.Aldrich () EMEA NEC COM>
Date: Wed, 7 Mar 2012 08:51:52 +0000

Thanks for your answer. The problem is now resolved - the firewall rules were incorrectly set up. Group policy does not 
allow me to disable the firewall so it was harder to diagnose.

David


From: wireshark-users-bounces () wireshark org [mailto:wireshark-users-bounces () wireshark org] On Behalf Of Tim.Poth () bentley com
Sent: 02 March 2012 13:30
To: wireshark-users () wireshark org
Subject: Re: [Wireshark-users] Question about Wireshark and the Windows Firewall

WinPcap is what grabs the packets for Wireshark and it does see traffic before it's evaluated by the Windows Firewall. 
If you are concerned about the firewall eating the traffic, try turning it off and testing. Some endpoint protection 
products also can eat network traffic; if you have anything like that loaded you might want to look at its logs / 
config.
Hope that helps
tim

From: wireshark-users-bounces () wireshark org [mailto:wireshark-users-bounces () wireshark org] On Behalf Of David Aldrich
Sent: Friday, March 02, 2012 3:21 AM
To: wireshark-users () wireshark org
Subject: [Wireshark-users] Question about Wireshark and the Windows Firewall

Hi

We have written a 32-bit console application using Visual C++ Express 2008 that receives UDP packets on port 30000 from 
another (non-Windows) machine. When running on Windows XP our app receives the packets, but when running on Windows 7 
it does not. I have configured Windows Firewall to open ports 30000-30002 to our application, so the packets should not 
be blocked.

Wireshark shows that the packets are indeed arriving at the PC.  What I am not sure of is whether they are getting 
through the firewall.  On what side of the firewall does Wireshark snoop?  If the packets are listed on Wireshark does 
it mean that they have got through the firewall?

Any suggestions or answers would be appreciated.

Best regards

David


