Recently received the following error while trying to do a packet capture on windows.
There are two solutions to this problem
- Disable promiscuous mode for the adapter
- Update Npcap
Disable Promiscuous mode
“Please turn off promiscuous mode for this device”
You can turn on promiscuous mode by going to Capture -> Options
And click Start
If you need promiscuous mode on, then look at installing a newer version of Npcap
Restart Wireshark, and Start a capture.
Filter to show DHCP packets
You can find detailed info here. https://wiki.wireshark.org/DHCP
But you should be able to filter out the DHCP request with either
Filter by IP Address
ip.addr == 192.168.1.1
Filter by Mac Address
eth.dst == 01:00:5e:7f:ff:fa
Better way to Filter
Wireshark has a robust set of options for filtering items.
From the Packet Details pane you can select any piece of information you want to filter, right click -> Apply As Filter -> Selected
You can also copy it and then past it in the filter bar. Right click -> Copy -> As Filter
Setup Packet Sniffer on Mikrotik
Go to Tools -> Packet Sniffer
Configure the Streaming options. Set the Server IP address to the computer you are running Wireshark on
Configure the Filter settings. Unless you want to stream everything from the router to your computer.
Make sure the TZSP is enabled in the “Enabled Protocols” Window. Either by going to “Analyze -> Enabled Protocols” or “Ctrl + Shift + E”
Open up your capture file in Wireshark.
And apply the following display filter. Shortcut key is Ctrl+/
eth.src == aa:bb:cc:dd:ee:ff
Change the above mac address to the one you want to filter by.
More filtering info can be found at the following link