
Not seeing all Traffic with Wireshark and Windows

September 16

I just installed Wireshark on a Windows machine. When I run the capture, I do see traffic, but not all. I am VNC'd into the box and see no VNC traffic. If I ping something from the box, I can see it. Is this common?

It says 'Broadcom L2 NDIS client Driver'.

Answers

It sounds like your card might have chimney offloading enabled. On systems with this feature, established TCP connections are handed off to the NIC for processing and the traffic bypasses any NDIS intermediate drivers (including WinPcap). More in-depth discussions can be found on winpcap.org and KB 912222. You can disable it using:

    netsh int ip set chimney disabled

This problem pops up occasionally on the Wireshark and WinPcap mailing lists. I'd imagine it will happen more often as the feature makes its way through various product lines and people upgrade to newer versions of Windows. Chimney, VM environments, and cloud computing are creating "new" and "interesting" challenges for packet capture.
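
A way to confirm that offload is what hides the VNC session from the capture, as an added example that is not part of the original answer: it parses netstat -nt output and lists the connections the NIC is handling. It assumes Windows Vista / Server 2008 or later, where netstat -t prints an Offload State column; the helper name Get-TcpOffloadState and the sample lines are constructed for illustration.

```powershell
# Added example, not from the original answer. Assumes Windows Vista /
# Server 2008 or later, where "netstat -t" prints an "Offload State" column.
# Get-TcpOffloadState is a hypothetical helper name.
function Get-TcpOffloadState {
    param(
        # Lines of "netstat -nt" output; live output is used when omitted.
        [string[]]$NetstatLines = (netstat -nt)
    )
    foreach ($line in $NetstatLines) {
        $f = -split $line                  # split on runs of whitespace
        # Data rows: TCP <local> <remote> <state> <offload state>
        if ($f.Count -ge 5 -and $f[0] -eq 'TCP') {
            [pscustomobject]@{
                Local   = $f[1]
                Remote  = $f[2]
                State   = $f[3]
                Offload = $f[4]
            }
        }
    }
}

# Constructed sample (documentation addresses): a VNC session on port 5900
# that the NIC has taken over, and one connection still handled by the host.
$sample = @(
    'Active Connections',
    '',
    '  Proto  Local Address          Foreign Address        State           Offload State',
    '',
    '  TCP    192.0.2.10:5900        198.51.100.20:51234    ESTABLISHED     Offloaded',
    '  TCP    192.0.2.10:49723       198.51.100.53:443      ESTABLISHED     InHost'
)

# Connections that are not "InHost" are processed on the NIC, so an
# NDIS-level capture driver such as WinPcap never sees their packets.
$hidden = Get-TcpOffloadState -NetstatLines $sample |
    Where-Object { $_.Offload -ne 'InHost' }
$hidden | Format-Table -AutoSize

# On a live system:
#   Get-TcpOffloadState | Where-Object { $_.Offload -ne 'InHost' }
# Global chimney setting on those Windows versions:
#   netsh int tcp show global
```

If the session missing from the capture shows up here as Offloaded, the gap in the capture is explained by chimney offload rather than by a capture filter or the wrong interface.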

You mean capturing traffic that is destined to other computers?

If it is, it isn't as simple as just installing it; you need a certain setup on your network.

There are a few configuration scenarios from the Wireshark wiki here: http://wiki.wireshark.org/CaptureSetup/Ethernet

What you could also do is have a computer with 2 NIC cards serving as a gateway/router, so all traffic passes through it.

Here's a quick link with a guide on that: http://www.stanford.edu/~fenn/linux/
