This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Cannot see TCP messages of 3rd party device on my Windows 7 laptop

0

I am using a Windows XP laptop with Wireshark to capture all network messages to and from another device. I am using a port-mirroring switch between that device and its regular network connection. When I connect my Windows XP laptop to the output port of the mirroring switch, Wireshark sees and captures all message received by and transmitted by the other device. So I know that the port mirroring switch is working as expected.

However, when I use my Windows 7 laptop instead of my old Windows XP laptop and plug it into that same output port on the mirroring switch, Wireshark does not see any TCP messages that are being sent to/from the other device.

Why doesn't my Windows 7/Wireshark laptop capture 3rd party messages when they are captured just fine on my Windows XP/Wireshark laptop?

On my Windows 7 laptop, I am using Wireshark 1.10.2 (64-bit) with WinPcap 4.1.3 The Capture Option "Use promiscuous mode" box is checked.

Could it be a promiscuous mode issue with Windows?
Could it be a promiscuous mode issue with the NIC?

Is it possible that the firewall is blocking traffic that is for 3rd party devices?

Thank you for any insight or suggestions

asked 03 Oct '13, 07:44

markyi476's gravatar image

markyi476
11112
accept rate: 0%


One Answer:

0

If you're using a firewall on the Windows 7 system, I'd certainly suspect that might be the problem.

Can you disable the firewall temporarily to see if that improves matters ?

answered 03 Oct '13, 08:46

Bill%20Meier's gravatar image

Bill Meier ♦♦
3.2k1850
accept rate: 17%

edited 03 Oct '13, 08:47