While troubleshooting a network connection with Wireshark, I discovered that CIS is causing an issue with my packet captures. For some reason, when CIS is installed on my machine, it is causing only half of the traffic to be captured. For example, if I ping from my machine, I can see the echo-reply packets coming from the destination but I do not see any of the echo-requests going out from my computer. After pulling my hair out for a while, I finally decided to uninstall CIS and the problem cleared up immediately; packets were showing up in both directions again in my sniffs. I reinstalled CIS and the problem came right back. I tried disabling everything in CIS: Antivirus, Firewall, Auto-Containment, HIPS, VirusScope, and Website Filtering. Even with all of it off, the packet captures are still showing only traffic inbound.
The only solution thus far has been to completely remove CIS.
I’m running Wireshark version 2.4.4; the problem was also happening on 2.4.3.
Any suggestions would be greatly appreciated. I’ve been a huge fan of CIS for more than half a decade now and I would hate to have to part with it because of this, but I need Wireshark to be able to do my job.
I’m asking about this, and just to check, what OS and CIS version are you using? I am able to see the same behavior with CIS v6476 on Windows 10 1709 build 16299.192.
I’m seeing this behavior on two different machines.
One is Windows 10 1607 Build 14393.2007.
The other machine is Windows 7 Build 7601 SP1.
Both machines are running CIS 10.1.0.6476.
I just installed v10.2.0.6514 and a quick test shows bi-directional traffic in my sniffs again!
Thanks a bunch for addressing this. I’m happy I get to continue using your software. 8)