Symantec Endpoint Protection (SEP) appears to cause networking problems with NICs using a TCP Offload Engine (TOE). TOE is a technology in some NICs that allows all TCP/IP stack processing to be performed in NIC hardware rather than by the operating system. This feature may be evident from advanced NIC settings in Device Manager that mention "Offload".
Symptoms include slow or broken connections, Remote Desktop connection failures, and others. See the Microsoft article below for a list of issues:
An update to turn off default SNP features is available for Windows Server 2003-based and Small Business Server 2003-based computers
NOTE: The Microsoft article mentions only Windows 2003 SP2, but these symptoms may be seen in other Windows versions (Windows XP, Server 2008, Vista) after installing SEP. Symptoms may also be observed in virtual machines.
Offload problems that are caused by Symantec Endpoint Protection are fixed in SEP 11 RU5 and newer.
As a workaround, disable TCP Offload functions by following a combination of the instructions below.
Windows Vista, Server 2008, and Windows 7
You experience intermittent communication failure between computers that are running Windows XP or Windows Server 2003
TCP/IP Registry Values for Microsoft Windows Vista and Windows Server 2008
How to Enable/Disable TCP Offload
The Microsoft Windows Server 2003 Scalable Networking Pack release
For the latest version of Wireshark:
Wireshark->Edit->Preferences->Protocols->TCP: enable TCP checksum validation.
When this option is enabled, all packets with bad checksums are displayed (by default) with red lettering on a black background. A Wireshark indication of bad checksums doesn't necessarily mean the checksums are bad. A LOT of checksum errors likely means that TCP offloading is enabled and the NIC performed checksum calculations for the packets *after* they went through Wireshark.
In any case, TCP offloading may be part of various networking problems, sometimes only in combination with SEP. So the next step is to disable TCP offloading between the two networking points and re-test. Perform another capture if symptoms still occur.
If many bad checksums still appear, you haven't successfully disabled offloading--or something is truly wrong with the networking hardware.
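The checksum reasoning in the Wireshark steps above, as an added example that is not part of the original article: it recomputes TCP checksums over raw IPv4 packets and reports whether the failures are confined to packets sent by the capturing host, which is what a NIC filling in checksums after the capture point looks like. The function names, the addresses and the sample packets are constructed for illustration, and the direction test is an assumption that follows from that statement rather than a rule from the article.

```python
import ipaddress
import struct
from collections import Counter

def ones_sum(data: bytes) -> int:
    """16-bit one's-complement sum (RFC 1071)."""
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def tcp_checksum_ok(pkt: bytes) -> bool:
    """Verify the TCP checksum of one raw IPv4 packet."""
    ihl = (pkt[0] & 0x0F) * 4
    segment = pkt[ihl:struct.unpack("!H", pkt[2:4])[0]]
    pseudo = pkt[12:20] + struct.pack("!BBH", 0, 6, len(segment))
    # With the checksum field left in place, a valid segment sums to 0xFFFF.
    return ones_sum(pseudo + segment) == 0xFFFF

def classify(packets, local_ip: str) -> str:
    """Separate offload artefacts from real corruption by packet direction."""
    local = ipaddress.ip_address(local_ip).packed
    bad = Counter()
    for pkt in packets:
        if pkt[9] == 6 and not tcp_checksum_ok(pkt):  # protocol 6 = TCP
            bad["tx" if pkt[12:16] == local else "rx"] += 1
    if not bad:
        return "clean"
    if bad["rx"] == 0:
        return "tx-only: offload likely still enabled"
    return "rx errors: suspect hardware or path"

def build(src: str, dst: str, nic_fills_checksum: bool) -> bytes:
    """Constructed sample packet: IPv4 + TCP, no options, fixed payload."""
    s, d = (ipaddress.ip_address(a).packed for a in (src, dst))
    tcp = struct.pack("!HHIIBBHHH", 49152, 3389, 1, 0, 0x50, 0x18, 8192, 0, 0)
    tcp += b"rdp-data"
    if not nic_fills_checksum:  # the OS computed it, so the capture sees it
        csum = 0xFFFF ^ ones_sum(s + d + struct.pack("!BBH", 0, 6, len(tcp)) + tcp)
        tcp = tcp[:16] + struct.pack("!H", csum) + tcp[18:]
    return struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0) + s + d + tcp

if __name__ == "__main__":
    host, peer = "192.0.2.10", "192.0.2.20"  # constructed addresses
    capture = [build(host, peer, True), build(peer, host, False)]
    print(classify(capture, host))
```

The packets passed to `classify` are IPv4 packets with the link-layer header already stripped; the constructed samples leave the IPv4 header checksum at zero because only the TCP checksum is examined.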