cg91
Level 7

Wireshark capture problem when HIP is enabled

I have a Wireshark capture problem with HIP on W7 64-bit.

Outgoing traffic is not present in the capture when HIP is enabled. No filter is defined.

Any idea how to solve this issue?

3 Replies
feeeds
Level 9

Re: Wireshark capture problem when HIP is enabled

I am seeing the exact same issue. Any luck getting this one solved yet? I have a ticket with support.

greatscott
Level 12

Re: Wireshark capture problem when HIP is enabled

Sounds basic, but check for blocks. Is the log showing any? Check ePO for blocks on suspicious file types. I've seen .pcap files trigger this.

feeeds
Level 9

Re: Wireshark capture problem when HIP is enabled

I heard back from tier 3. This is actually a known bug. There seems to be a conflict between HIPS (firewall) and Wireshark. The FW does not block any packets, it just prevents them from being displayed. The full response is below:

In a nutshell, for workarounds you can either disable the HIPS firewall module when sniffing traffic with Wireshark, or just use RawCap to sniff traffic and then view it in Wireshark.

http://www.netresec.com/?page=RawCap

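A quick way to confirm the symptom described in this thread (inbound packets present, outbound packets missing) on a capture taken with RawCap or Wireshark is to count packets by direction in the saved pcap. The script below is an added example, not code from the forum post or from RawCap/Wireshark. It assumes a classic pcap file (magic 0xa1b2c3d4) with either Ethernet framing (link type 1) or header-less raw IPv4 framing (link type 101, with 12 accepted as an older raw-IP value; these link types are assumptions, not stated in the thread), and that the capturing host's IPv4 address is supplied by the caller. The addresses and sample captures in the block are constructed for the demonstration.

```python
"""Check a pcap for the HIPS symptom: inbound packets present, outbound missing.

Added example, not part of the original forum thread. Assumptions: classic pcap
format; link type 1 (Ethernet) or 101/12 (raw IPv4); local address given by caller.
"""
import ipaddress
import struct
import sys

LINKTYPE_ETHERNET = 1
LINKTYPE_RAW = 101        # raw IP, no link-layer header (assumed for raw-socket captures)
LINKTYPE_RAW_LEGACY = 12  # older raw-IP value some tools used (assumption)


def iter_pcap_packets(data):
    """Yield (linktype, packet_bytes) for every record in a classic pcap blob."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic == 0xA1B2C3D4:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    # global header after the magic: ver_major, ver_minor, thiszone, sigfigs, snaplen, network
    _, _, _, _, _, linktype = struct.unpack_from(endian + "HHiIII", data, 4)
    offset = 24
    while offset + 16 <= len(data):
        _, _, incl_len, _ = struct.unpack_from(endian + "IIII", data, offset)
        offset += 16
        pkt = data[offset:offset + incl_len]
        if len(pkt) < incl_len:
            raise ValueError("truncated pcap record")
        offset += incl_len
        yield linktype, pkt


def ipv4_addresses(linktype, pkt):
    """Return (src, dst) strings for an IPv4 packet, or None for anything else."""
    if linktype == LINKTYPE_ETHERNET:
        if len(pkt) < 14:
            return None
        ethertype, = struct.unpack_from("!H", pkt, 12)
        if ethertype != 0x0800:
            return None
        ip = pkt[14:]
    elif linktype in (LINKTYPE_RAW, LINKTYPE_RAW_LEGACY):
        ip = pkt
    else:
        return None
    if len(ip) < 20 or ip[0] >> 4 != 4:
        return None
    return (str(ipaddress.IPv4Address(ip[12:16])),
            str(ipaddress.IPv4Address(ip[16:20])))


def direction_counts(data, local_ip):
    """Count packets sent by, received by, or unrelated to local_ip."""
    counts = {"outbound": 0, "inbound": 0, "other": 0}
    for linktype, pkt in iter_pcap_packets(data):
        addrs = ipv4_addresses(linktype, pkt)
        if addrs is None:
            counts["other"] += 1
        elif addrs[0] == local_ip:
            counts["outbound"] += 1
        elif addrs[1] == local_ip:
            counts["inbound"] += 1
        else:
            counts["other"] += 1
    return counts


def capture_missing_outbound(data, local_ip):
    """True when the capture shows inbound traffic but no outbound traffic at all."""
    c = direction_counts(data, local_ip)
    return c["inbound"] > 0 and c["outbound"] == 0


# --- constructed sample data (not real captures) ---------------------------
def build_ipv4_packet(src, dst):
    """Minimal 20-byte IPv4 header, no payload, checksum left at zero."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)


def wrap_ethernet(ip_packet):
    """Prefix a zeroed Ethernet header with EtherType IPv4."""
    return b"\x00" * 12 + b"\x08\x00" + ip_packet


def build_pcap(linktype, packets):
    """Serialise packets into a little-endian classic pcap blob."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    for i, pkt in enumerate(packets):
        out += struct.pack("<IIII", 1_000_000 + i, 0, len(pkt), len(pkt)) + pkt
    return out


LOCAL_IP = "192.168.1.10"  # assumed address of the capturing host
PEER_IP = "192.168.1.1"    # assumed peer
GOOD_CAPTURE = build_pcap(LINKTYPE_RAW, [
    build_ipv4_packet(LOCAL_IP, PEER_IP),
    build_ipv4_packet(PEER_IP, LOCAL_IP),
    build_ipv4_packet(LOCAL_IP, PEER_IP),
])
INBOUND_ONLY_CAPTURE = build_pcap(LINKTYPE_RAW, [
    build_ipv4_packet(PEER_IP, LOCAL_IP),
    build_ipv4_packet(PEER_IP, LOCAL_IP),
])
ETHERNET_CAPTURE = build_pcap(LINKTYPE_ETHERNET, [
    wrap_ethernet(build_ipv4_packet(LOCAL_IP, PEER_IP)),
    wrap_ethernet(build_ipv4_packet(PEER_IP, LOCAL_IP)),
])

if __name__ == "__main__":
    # usage: python check_pcap.py [capture.pcap] [local_ip]; defaults use constructed data
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else INBOUND_ONLY_CAPTURE
    local = sys.argv[2] if len(sys.argv) > 2 else LOCAL_IP
    print(direction_counts(data, local))
    print("outbound traffic missing:", capture_missing_outbound(data, local))
```

Run it against a RawCap capture taken with the HIPS firewall enabled and then against one taken with it disabled; if the first reports inbound packets but zero outbound while the second shows both, the capture tool, not the network, is where the outbound packets are going missing.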