Why can't I see outbound traffic too?
I have no filters in place and have selected all "real" (ie: non-virtual) interfaces. When I look for packets going FROM my ip address there is no data. I can see the other half of the conversation with the traffic coming in TO my ip address.
This solved my problem: wireshark-only-capturing-incoming-packets
The cause was the "DNE LightWeight Filter" installed along with the network interfaces:
Kudos to vasudevakamaswami
I can add one more possible solution here, I'm using a Windows 10 Pro in a Xen VM. I had the same issue, caused me a few quite inconvenient moments to find the solution: don't install the XEN PV network drivers! I just wanted to be too pedantic and had installed them about a week ago, when I set up the VM. As soon as I removed them now and set the card type to rtl, now everything works fine.
Are you capturing on Windows and do you have some endpoint AV or VPN software installed. If so then it is a common problem with some AV and VPN software, and you can either uninstall the offending software, or possible try the newer capture driver npcap (uninstalling WinPcap first).
That's interesting grahamb. The laptop on which I am having trouble does connect to the corporate WAN via a VPN gateway. The partner is on my local LAN outside the corporate WAN (i.e., not via the VPN). When I run wireshark on the local partner I see both inbound and outbound traffic. I suspect you have identified the root cause. I may examine the npcap option when I have some more time. Thank you.
Hey there,
I have just had this issue a few moments ago and I quickly spotted the root cause of this "minor" problem thanks to an older forum post I had found. Please check if you are using a VPN client software as Grahamb points out, simply try to disable its usage under NIC properties (Uncheck the box) upon a Windows environment.
Credits to: https://osqa-ask.wireshark.org/users/... on https://osqa-ask.wireshark.org/questi...
Hello there.
I suffered the same problem in my laptop: I surprisingly could only capture incoming traffic. The workaround suggested by graham (thanks, sir!) of using npcap instead of WinPcap worked fine and now I can capture both legs of any simple ping. As far as I remember I don't have any VPN client installed but, of course, I have AV (Comodo particularly). Regards.
Asked: 2017-11-23 01:36:04 +0000
Seen: 2,029 times
Last updated: Jul 27 '20
Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
You'll need to add more detailed information (hardware & software) before this question can be addressed.