
Wireshark-users: Re: [Wireshark-users] Windows 7 XP Mode - put interface into promiscuous mode

From: "Keith French" <keithfrench@xxxxxxxxxxxxx>
Date: Fri, 13 Jul 2012 13:54:53 +0100
Some things I should have said.

I am using the guest (XP mode) in bridged mode and from what I have read in this Technet article:-

http://blogs.technet.com/b/windows_vpc/archive/2009/12/07/networking-in-windows-virtual-pc.aspx

this adds the virtual PC network filter driver to the host (Windows 7), which causes it to act as a switch. The host will only forward packets to the guest if they are destined for the guest's MAC address. So even if you used Wireshark on the host to start a capture (purely to put the host's NIC in promiscuous mode), it would still only forward those to the guest if they were for its MAC address.

So unless there is a way to put the guest's NIC into promiscuous mode as well as the host's, this surely can't work.

However, these are my assumptions and I want to know if I am correct or not?

Keith French.


-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx on behalf of Keith French
Sent: Fri 13/07/2012 11:40
To: wireshark-users@xxxxxxxxxxxxx
Subject: [Wireshark-users] Windows 7 XP Mode - put interface into promiscuous mode
 
When Wireshark is installed in Windows 7's XP mode virtual machine, is it possible for Wireshark/WinPcap to put the network card into promiscuous mode? From some testing I have done, I don't think it can, as I can only capture traffic to or from my PC. If it is connected to the destination port of a span session on a Cisco switch, it cannot see traffic from the source port of the span.

If Wireshark is running directly under Windows 7, obviously all works well. If you are wondering why I am trying to use XP mode for this, it is just something I am testing out for work.

Thanks.
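
One way to check whether a capture taken inside the guest really contains mirrored traffic, as an added example that is not part of the original thread: it reads a classic pcap file and counts frames that are unicast between two other machines, which only appear if promiscuous capture works end to end. The function names, MAC addresses and sample captures are constructed for illustration.

```python
import struct
from collections import Counter

PCAP_HDR = struct.Struct("<IHHiIII")  # classic little-endian pcap file header
REC_HDR = struct.Struct("<IIII")      # per-packet record header
BROADCAST = b"\xff" * 6

def classify_frames(pcap_bytes, own_mac):
    """Count Ethernet frames by whether the capture host would see them anyway."""
    magic, *_, linktype = PCAP_HDR.unpack_from(pcap_bytes, 0)
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("expected a little-endian pcap with Ethernet link type")
    counts, offset = Counter(), PCAP_HDR.size
    while offset + REC_HDR.size <= len(pcap_bytes):
        incl_len = REC_HDR.unpack_from(pcap_bytes, offset)[2]
        frame = pcap_bytes[offset + REC_HDR.size:offset + REC_HDR.size + incl_len]
        offset += REC_HDR.size + incl_len
        if len(frame) < 14:                 # no full Ethernet header captured
            counts["truncated"] += 1
            continue
        dst, src = frame[0:6], frame[6:12]
        if own_mac in (dst, src):
            counts["own"] += 1              # to or from this machine
        elif dst == BROADCAST:
            counts["broadcast"] += 1        # flooded to every port
        elif dst[0] & 0x01:
            counts["multicast"] += 1        # group bit set in first octet
        else:
            counts["foreign_unicast"] += 1  # needs working promiscuous capture
    return counts

def sees_foreign_unicast(counts):
    return counts["foreign_unicast"] > 0

def build_pcap(frames):
    """Build a pcap file in memory (used only for the constructed samples)."""
    out = PCAP_HDR.pack(0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += REC_HDR.pack(0, 0, len(f), len(f)) + f
    return out

def eth(dst, src):
    return dst + src + b"\x08\x00" + b"\x00" * 46  # minimal 60-byte frame

# Constructed sample data: locally administered MACs, not from the thread.
GUEST, A, B = (bytes.fromhex("0200000000" + x) for x in ("01", "0a", "0b"))
FILTERED = build_pcap([eth(GUEST, A), eth(A, GUEST), eth(BROADCAST, B)])
MIRRORED = build_pcap([eth(GUEST, A), eth(B, A), eth(A, B)])
```

A capture saved in pcapng format would need converting to classic pcap before being passed to `classify_frames`.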