It appears that setting promiscuous mode in Windows 7 Enterprise x64 is not really setting promiscuous mode at all. I am trying to capture raw Ethernet packets, i.e. not TCP/IP or any other format; it is debugging information. I have it directly connected, no switches. All drivers, WinPcap, and Wireshark are up to date. When I start the capture, if I look at the "Local Area Connection Status" I can see the bytes being received. If I use my old XP machine it captures them just fine. If I use "Microsoft Network Monitor" it captures them just fine. I also tried WinDump, and it doesn't capture them either. Any ideas?
asked 19 Dec '13, 09:45 BenWhite
One Answer:
Well, I started shutting down all unneeded services. I found that the "McAfee Host Intrusion Prevention Service" was the culprit. Upon further investigation, it was filtering out my raw ether packets since they were "Non-IP Protocol."
answered 19 Dec '13, 11:49 BenWhite
Which version of Wireshark are you using? Which version of WinPcap are you using?
Wireshark 1.10.4, and also tried 1.5.1. WinPcap 4.1.3; also tried 4.1.? and 4.2.? (don't remember exact older versions).