On Win7 64-bit, Wireshark 1.6.4 can only capture received packets; it can't capture the packets which the PC sent out. That means I can't see the packets whose src IP is my PC's.

asked 23 Dec '11, 00:00 prince_23
edited 24 Dec '11, 07:48 grahamb ♦
One Answer:
I had this issue, and found the cause to be the Deterministic Network Enhancer driver. Check if you have the "DNE LightWeight Filter" binding in your network adapter properties, and try disabling it to see if this makes a difference (see screenshot below). Please note that the Cisco VPN Client requires this driver to be able to connect. So if you are using this and leave the DNE LightWeight Filter disabled, you will probably find that you can't connect to your VPN. My suggestion is to only disable the driver while you are using Wireshark, and then re-enable when you have finished. I hope this solves your issue.

answered 23 Jul '12, 15:28 Nick

It worked! Thank you so much! (23 Jul '15, 12:07) Pablo Andres A
On what type of network interface is this happening? Ethernet, Wi-Fi, or something else?
Ethernet interface
Does that happen regardless of whether you're capturing in promiscuous mode or not? As I read the WinPcap code and both Microsoft's "Looping back NDIS packets" note and Microsoft's documentation on OID_GEN_CURRENT_PACKET_FILTER for NDIS 6.0 and 5.x, WinPcap, for Ethernet (and Token Ring) adapters, should show sent packets to the application using it whether it's capturing in promiscuous mode or not.