It appears that setting promiscuous mode in windows 7 enterprise x64, is not really setting promiscuous mode at all. I am trying to capture raw ethernet packets, ie not TCP/IP or any other format, it is debugging information. I have it directly connected, no switches. All drivers, winpcpap, and wireshark are up to date. When I start the capture, if I look at the "Local Area Connection Status" I can see the bytes being received. If I use my old XP machine it captures them just fine. If I use "Microsoft Network Monitor" it captures them just fine. I also tried Windump, and it doesn't capture them either. Any ideas?
asked 19 Dec '13, 09:45
Well, I started shutting down all unneeded services. I found that the "McAfee Host Intrusion Prevention Service" was the culprit. Upon further investigation, it was filtering out my raw ether packets since they were "Non-IP Protocol."
answered 19 Dec '13, 11:49