Wireshark-users: Re: [Wireshark-users] capturing packets in "stealth" mode on Windows


From: "Small, James" <JSmall@xxxxxxxxxxxx>
Date: Sat, 3 Feb 2007 15:27:12 -0500

Dave,

Under the Network Adapter Properties, under the General Tab, you should
see a list of clients/protocols/etc. that "use" the particular network
adapter.  For example:
Client for Microsoft Networks
VMware Bridge Protocol
Deterministic Network Enhancer
File and Printer Sharing for Microsoft Networks
Network Monitor Driver
Internet Protocol (TCP/IP)

You want to uncheck everything except the Network Monitor Driver - I
believe this is what WinPcap is using to monitor the network adapter.

You should then be able to "silently" monitor the network that this
particular network adapter is hooked up to.  I have tried this and it
works for me.

That said, if you want a perfect solution, you would have to get
a switch that can mirror/SPAN ports, or get a network tap, or cut the
transmit wires on the patch cord.

--Jim

> -----Original Message-----
> From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of David Durgee
> Sent: Saturday, February 03, 2007 9:26 AM
> To: wireshark-users@xxxxxxxxxxxxx
> Subject: [Wireshark-users] capturing packets in "stealth" mode on Windows
> 
> I need to capture packets between a cable modem and a
> router for diagnostic purposes.  I have inserted a hub
> between them, so I can attach the Win2K system to it,
> but I need to avoid having the capturing system
> inserting packets of its own as it might either mask
> the problem I am trying to diagnose or create new
> problems.
> 
> I have downloaded and installed Wireshark 0.99.4 on a
> Windows 2000 system.  I am able to capture packets on
> my ethernet interface with the interface enabled and
> in full operation, but if I disable the interface as I
> expect I will need to in order to operate "stealthy"
> the interface is not available to select for capture
> in Wireshark.
> 
> How do I need to configure things to be able to do
> what I need?  Can I define another ethernet interface
> using the same NIC that has no protocols enabled on it
> and then swap which one is enabled?  Do I need to
> disable all protocols on the existing interface for
> the capture and then manually re-enable them when I
> want to reconnect to the network?
> 
> Any help appreciated.
> 
> Dave
> _______________________________________________
> Wireshark-users mailing list
> Wireshark-users@xxxxxxxxxxxxx
> http://www.wireshark.org/mailman/listinfo/wireshark-users
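
A way to check afterwards that the capturing machine stayed silent, as an added example that is not part of the original message: it scans a classic pcap file for frames whose Ethernet source is the capture NIC's own MAC. It assumes the capture was saved in pcap (not pcapng) format and that locally transmitted frames show up in the capture; the function name, MAC addresses and sample bytes are constructed for illustration.

```python
import struct

LE_MAGIC = (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1")  # usec / nsec timestamps
BE_MAGIC = (b"\xa1\xb2\xc3\xd4", b"\xa1\xb2\x3c\x4d")

def frames_from_mac(pcap_bytes, mac):
    """Return (total_frames, [(frame_no, ts_sec, ethertype), ...]) for frames sent by `mac`."""
    want = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if pcap_bytes[:4] in LE_MAGIC:
        end = "<"
    elif pcap_bytes[:4] in BE_MAGIC:
        end = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    (linktype,) = struct.unpack(end + "I", pcap_bytes[20:24])
    if linktype != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    offset, total, own = 24, 0, []  # 24-byte global header, then records
    while offset + 16 <= len(pcap_bytes):
        ts_sec, _, incl_len, _ = struct.unpack(end + "IIII", pcap_bytes[offset:offset + 16])
        frame = pcap_bytes[offset + 16:offset + 16 + incl_len]
        if len(frame) < incl_len:
            break  # truncated final record
        offset += 16 + incl_len
        total += 1
        # Ethernet header: destination MAC (6), source MAC (6), EtherType (2)
        if len(frame) >= 14 and frame[6:12] == want:
            own.append((total, ts_sec, struct.unpack("!H", frame[12:14])[0]))
    return total, own

def _record(ts, dst, src, ethertype):
    """Build one little-endian pcap record holding a minimal Ethernet frame."""
    frame = bytes.fromhex(dst + src) + struct.pack("!H", ethertype) + bytes(46)
    return struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame

# Constructed sample: modem <-> router traffic plus one ARP broadcast
# leaked by the capture host. All MAC addresses are made up.
CAPTURE_NIC_MAC = "02:00:00:00:c0:de"
MODEM, ROUTER, SNIFFER = "001122334455", "66778899aabb", "02000000c0de"
SAMPLE_PCAP = (
    struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    + _record(1000, ROUTER, MODEM, 0x0800)
    + _record(1001, "ffffffffffff", SNIFFER, 0x0806)
    + _record(1002, MODEM, ROUTER, 0x0800)
)

if __name__ == "__main__":
    total, own = frames_from_mac(SAMPLE_PCAP, CAPTURE_NIC_MAC)
    print(f"{total} frames, {len(own)} sent by the capture NIC")
    for no, ts, etype in own:
        print(f"  frame {no} at t={ts}s, EtherType 0x{etype:04x}")
```

An empty second element means no frame in the capture carried the capture NIC's address as its source.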
