I purchased a new laptop running windows 7 and installed Wireshark 64 bit version 1.4.0 Everything worked correctly for 3-4 days and now I only see Layer 3 messages. I have made sure there are no filters, all protocols are selected. I have uninstalled and reinstalled and even went to the 32 bit ap. I removed Win PCAP and reinstalled it also. I am at a loss as to what to try next. I can use my old laptop and see all the data but I can not get the new laptop to show everything. Any ideas that I can try? asked 20 Sep '10, 07:25  8300 edited 26 Sep '10, 01:54  SYN-bit ♦♦ |
2 Answers:
It sounds like your NIC might not be going into promiscuous mode. Are you sure that a) you're running with sufficient privileges to do that (typically administrator), and b) that the "promiscuous mode" box is checked in the capture options? answered 20 Sep '10, 08:03  jswan |
By "only see layer 3 messages" do you mean that you see the TCP connection setup (SYN + SYN/ACK + ACK) but not the actual data? If so this could be due to chimney offloading. answered 20 Sep '10, 10:48  Gerald Combs ♦♦ |
