Hello, I'm tracing on a TAP the connection of a machine. I want to see the DHCP exchange of this machine. Normally I expect to see the sequence Discover - Offer - Request - Ack. But I see only Offer and Ack, the broadcast messages sent from the machine are not displayed. I tried several Wireshark Version from 1.6 to 1.10 with different WinPcap (4.1.2 / 4.1.3) also 32 Bit and 64 Bit versions and different Network Ports/cards on the PC. If I connect the TAP to a XP Laptop I see the full sequence but on the PC I don't see them. The Windows Firewall is disabled and no additional one is installed. The capture run in promiscous mode without any capture filter. The PC I have to use is an HP 8300 under Win7-64 with an additional 2 Port Ethernet Card from HP. I tried the Port of the cards and also the internal Port on the mainboard without success. asked 20 Jun '13, 03:00  thaloss |
One Answer:
Please try to disable the TCP/IP "binding" of the capturing adapter.
Regards answered 20 Jun '13, 03:17  Kurt Knochner ♦ |
Thanks, I tried it but no change, still only Offer and Ack visible.
regards
Thaloss
What kind of TAP is it (brand, modell)?
Can you try to use a switch mirror port instead of the TAP, to rule out the TAP as a possible source of the problem?
However, I think you already checked that, right?
So, the problem occurs only if your capturing system is Windows 7, right?
If so, is there any security software installed on that system (AV, Firewall, Endpoint Secuirty, VPN Client)? If yes, please disable/uninstall that piece of software and try again.