I have a laptop with Windows 7 x64 Ultimate. I run the latest Wireshark version 1.4.1. I am running a capture on a switch port that has LACP traffic, which Wireshark should decode as "slow". All these packets are missing in my capture. If I boot into a Windows 7 x32 (laptop has a dual boot). I can run the same 32bit version of Wireshark & see this traffic in the capture. Is there some know bug? Could someone help? I'd be happy to provide additional information if needed. Thanks -Kevin asked 14 Oct '10, 13:01  ktwo edited 10 Nov '10, 07:02  Jaap ♦ |
One Answer:
There are a number of possible reasons, but they may be hard to verify:
answered 19 Oct '10, 16:29  Jasper ♦♦ Firewall is disabled. Nic driver should be irrelevant, I've tried 2 separate NIC's. Same device & NIC's booted into 32bit version of W7 capture packets. This is clearly an x64 issue. Be it OS or driver shrugs LACP is not required to be configured on the capture device. (20 Oct '10, 05:32) ktwo |
Hi Keven, I don't have an answer, but I seeing very alike issues with the latest version of w-shark on a 64bit windows 2008 R2 with MS TMG installed on it. It seems to be missing packets in the capture and it's irregular. I have duplicated the situation on a number of systems, some miss all packets, others see the packets going out of the nic but no return packets. Kind regards, Tom