I just installed wireshark on a windows machine, when I run the capture, I do see traffic, but not all. I am VNC'd into the box and see no VNC traffic, If I ping something from the box, I can see it. Is the common?
It says 'Broadcom L2 NDIS client Driver'.
It sounds like your card might have chimney offloading enabled. On systems with this feature, established TCP connections are handed off to the NIC for processing and the traffic bypasses any NDIS intermediate drivers (including WinPcap). More in-depth discussions can be found on winpcap.org and KB 912222. You can disable it using
netsh int ip set chimney disabled.
This problem pops up occasionally on the Wireshark and WinPcap mailing lists. I'd imagine it will happen more often as the feature makes its way through various product lines and people upgrade to newer versions of Windows. Chimney, VM environments, and cloud computing are creating "new" and "interesting" challenges for packet capture.
You mean capturing traffic that is destined to other computers?
If it is, it isn't as simple as just installing it, you need a certain setup on your network.
There are a few configuration scenarios from the wireshark wiki here: http://wiki.wireshark.org/CaptureSetup/Ethernet
what you could also do is, have a computer with 2 nic cards serving as a gateway/router, all traffic passes through it.
here's a quick link with a guide on that: http://www.stanford.edu/~fenn/linux/