I have a PC with 2 nics -
one on the network, and one that I use to capture packets with. The
capturing nic is plugged into the mirrored port on a managed switch. the
port it's The mirror port receives all packets from other monitored
ports on the switch.
When I use no capture
filter, it captures all traffic perfectly.
When I use an IP (host) or
tcp/udp capture filter on the monitoring nic, it captures no traffic. When
I use the same filter on the nic connected to the normal network, the filter
works fine. I can use an ether capture filter an it
works.
Previously, this PC had
ethereal on it with winpcap 3. It used to work fine (I haven't used it for
4 or 5 months). I uninstalled Ethereal and winpcap3 and installed the
latest version of Wireshark and WinPcap, and it acts the
same.
Because capture filters ARE working, but not with layer 3
or 4 traffic on the monitoring nic, I tend to believe there's some setting that
I need to change somewhere that I need to change.
Any ideas on what I
can/should do to enable capture filters to work? Currently I'm capturing
all traffic and relying on display filters, which is
tedious.
