I have installed wireshark on my computer running windows 7 and have seen the following problem: When I try to ping any ip addresses on my network (ex: my gateway), I can only see ECHO REPLY packets from the gateway to my machine. I don´t see the ECHO REQUESTS. (ping is responsive) When I try to open any web page I see only packets from the webserver to my machine. I don´t see the ACK frame, only the SYN-ACK. I also see various TCP packets from the http request, but none originated from my ip address. If I try to access any server via telnet or ssh, I still don´t see packets with my ip address as source. I only see packets sent BACK to me as destination. If I try to ping my OWN ip address, I get a response but NO packets captured in wireshark It´s as if wireshark is capturing BEFORE packets go out of my network card. I double checked and have no filters configured. Any ideas on what I´m doing wrong? asked 14 Apr '15, 14:53  fredpohl |
2 Answers:
Likely that some AV or Endpoint Protection or VPN software on the client is preventing capture of the locally originated packets. Fairly frequent question here, see the answer by @Kurt Knochner to this question. answered 15 Apr '15, 01:57  grahamb ♦ |
I would recommend looking at layer 2 packets using your MAC address rather than looking for IP addresses. In particular, look for ARP requests without replies. This often happens if you have your Default Gateway setup incorretly. Also look to see if your PC is attempting to send out DHCP requests because your IP address isn't configured correctly or other possible problem such as duplex mismatch, etc. answered 14 Apr '15, 23:02  Walter Benton |
Nailed it! It was my VPN agent (Citrix Netscaler). After removing it, it worked fine.
If an answer has solved your issue, please accept the answer for the benefit of other users by clicking the checkmark icon next to the answer. Please read the FAQ for more information.