This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Can not see packets from local machine

0

Hello

Can't see the packets from my local Win7 machine in wireshark trace. I'm using wireshark 1.8.1 (x86) with winpcap (x86) 4.1.2 (4.1.0.2001) but my win7 x64. The machine itself is a DELL laptop with Intel(R) 82579LM Gigabit Network adapter (driver e1c62x64.sys (11.13.51.0) and DW1530 Wireless-N WLAN Half-Mini Card - I have the same problem on both.

asked 05 Sep '12, 22:15

pgavrailov's gravatar image

pgavrailov
1111
accept rate: 0%

Do you see local traffic if you use WinDump? If not, it's more than likely a WinPcap issue and not a Wireshark issue. Speaking of WinPcap, I vaguely recall a problem someone had where downgrading to an earlier version of WinPcap solved his problem. I don't recall the specifics so I'm not sure if it would be applicable in your case, but I suppose it wouldn't hurt to try. If memory serves, I think he had tried WinPcap version 3.1.

(06 Sep '12, 18:44) cmaynard ♦♦

One Answer:

0

Here are some possible reasons.

  • TCP Offloading, although you should then see "some" traffic. Anyway, please check:

    http://ask.wireshark.org/questions/13131/wireshark-does-not-capture-packets-w-payloads
    http://ask.wireshark.org/questions/12996/pci-nic-interferes-with-traffic-wireshark-setup

  • Windows Firewall or any other interfering software on the PC (AV, VPN, Endpoint Security, IDS, etc.). Please disable and try again.

http://ask.wireshark.org/questions/11149/why-does-wireshark-not-capture-any-traffic-from-source-machine-with-outbound-firewall-rules

  • WinPcap not running (properly)

sc stop npf
sc start npf

BTW: Dou you see non-local traffic (Broadcasts)?

Regards Kurt

answered 07 Sep '12, 02:36

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%