This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Capture of leaving packets doesn’t work on Windows

0

Hi at all, using Wireshark 2.0.4 and 2.0.5 I am still have a problem. If I start a capture i could see all packets without packets leaving my own interface.

e.g. if I do a ping, i am only able to capture the echo replays to me.

Any ideas? Could this be a driver issue?

asked 31 Aug '16, 06:30

magroll's gravatar image

magroll
6112
accept rate: 0%

edited 31 Aug '16, 07:52

Bill%20Meier's gravatar image

Bill Meier ♦♦
3.2k1850

What OS are you using?

(31 Aug '16, 06:31) grahamb ♦

I am using Windows 7SP1 Professionall - 64 bit

(31 Aug '16, 06:50) magroll

Any VPN, firewall, and/or anti-virus software other than Windows firewall? There is a couple of Questions dealing with the same issue around here, with a common explanation that low-level drivers of such software interfere with WinPcap operation. You may try NPcap instead of WinPcap to avoid the issue, as the former binds into the networking stack at a different place than the latter, but if that does not help, you'll have to choose between ability to capture and use of the interfering software.

For testing, disabling the interfering software is often not enough as its network drivers remain plugged in. You would have to disable them manually (they are system services) or uninstall them.

(31 Aug '16, 07:21) sindy

Use the tag "outgoing" that I've added to your question to find the similar questions alluded to by @sindy.

(31 Aug '16, 07:50) grahamb ♦