I am using a Windows XP laptop with Wireshark to capture all network messages to and from another device. I am using a port-mirroring switch between that device and its regular network connection. When I connect my Windows XP laptop to the output port of the mirroring switch, Wireshark sees and captures all message received by and transmitted by the other device. So I know that the port mirroring switch is working as expected. However, when I use my Windows 7 laptop instead of my old Windows XP laptop and plug it into that same output port on the mirroring switch, Wireshark does not see any TCP messages that are being sent to/from the other device. Why doesn't my Windows 7/Wireshark laptop capture 3rd party messages when they are captured just fine on my Windows XP/Wireshark laptop? On my Windows 7 laptop, I am using Wireshark 1.10.2 (64-bit) with WinPcap 4.1.3 The Capture Option "Use promiscuous mode" box is checked. Could it be a promiscuous mode issue with Windows? Is it possible that the firewall is blocking traffic that is for 3rd party devices? Thank you for any insight or suggestions asked 03 Oct '13, 07:44  markyi476 |
One Answer:
If you're using a firewall on the Windows 7 system, I'd certainly suspect that might be the problem. Can you disable the firewall temporarily to see if that improves matters ? answered 03 Oct '13, 08:46  Bill Meier ♦♦ edited 03 Oct '13, 08:47 |
