Re: Windows 7 XP Mode - put interface intopromiscuous mode

Somethings I should have said.

I am using the guest (XP mode) in bridged mode and from what I have read in this Technet article:-

http://blogs.technet.com/b/windows_vpc/archive/2009/12/07/networking-in-windows-virtual-pc.aspx

this adds the virtual PC network filter driver to the host (Windows 7), which causes it to act as a switch. The
host will only forward packets to the guest if they are destined for the guest's MAC address. So even if you
used Wireshark on the Host to start a capture (purely to put the hosts NIC in promiscuous mode), it would
still only forward those to the guest if they were for its MAC address.

So unless there is a way to put the guest's NIC into promiscuous mode as well as the host's, this surely can't work.

However, these are my assumptions and I want to know if I am correct or not?

Keith French.

-----Original Message-----
From: wireshark-users-bounces@... on behalf of Keith French
Sent: Fri 13/07/2012 11:40
To: wireshark-users@...
Subject: [Wireshark-users] Windows 7 XP Mode - put interface intopromiscuous mode

When Wireshark is installed in Windows 7's XP mode virtual machine, is it possible for Wireshark/WinPcap
to put the network card into promiscuous mode? From some testing I have done, I don't think it can, as I can
only capture traffic to or from my PC. If it is connected to destination port of a span session on a Cisco
switch it cannot see traffic from the source port of the span.

If Wireshark is running directly under Windows 7, obviously all works well. If you are wondering why I am
trying to use XP mode for this, it is just something I am testing out for work.