Is it possible to block all packets in Windows 7, so that nothing appears in Wireshark?
I have tried choosing Block all for incoming.
For outgoing, I see it has no block all option, just a block option, so it’s a whitelist. I tried that and disabling all the allow rules in incoming and outgoing. (If I recall, I blocked outgoing and for good measure made a rule to block TCP and to block UDP.) I tried the public profile too (it being more restrictive), and disabled anything in allowed programs.
But I still see traffic going through. ARP (I saw no option to block that), but not just ARP. Even UDP and even some TCP.
UDP DHCPv6 a comp on my lan to IPv6 multicast
BROWSER IPv4 UDP NETBIOS (one comp on my lan broadcasting to 192.168.1.255)
BROWSER IEEE 802.3 LLC .. SMB
DB-LSP-DISC (a comp on my lan with dropbox, broadcasting to 255.255.255.255 and 192.168.1.255)
NBNS IPv4 UDP NetBIOS me to 192.168.1.255
NBSS IPv4 TCP NetBIOS a comp on my lan to me
SSDP IPv6 UDP comp on LAN to IPv6mcast
"TCP" IPv4 TCP a comp on my LAN to me
IPv4 IGMP
ARP
It looks like the Windows firewall can’t do it. But, can anything?
It’d be great to be able to disable everything in the sense of stopping all packets, so Wireshark shows nothing, then to allow what I want. Not necessarily for any practical reason, but out of curiosity.
Answer
I may be mistaken, but I believe Wireshark sits lower (or perhaps the same level) on the network stack than the Windows Firewall. So even if the Windows Firewall is actually “blocking everything”, Wireshark will still see attempted incoming and outgoing packets. There just won’t be any network “conversations” because they’re all being blocked.
Attribution
Source : Link , Question Author : barlop , Answer Author : Ryan Bolger
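One way to test the distinction the answer draws between packets that appear in a capture and conversations that actually complete, as an added example that is not part of the original question or answer: the script separates broadcast/multicast frames from TCP flows and reports which flows finished a three-way handshake. The packet records, the 192.168.1.0/24 LAN, the host addresses and the `summarize` helper are all constructed for illustration.

```python
import ipaddress

# Assumed LAN, matching the 192.168.1.255 broadcast address in the question.
LAN = ipaddress.ip_network("192.168.1.0/24")

# Constructed capture records: (src, dst, proto, tcp_flags, sport, dport)
PACKETS = [
    ("192.168.1.20", "192.168.1.255", "UDP", "", 138, 138),    # NetBIOS broadcast
    ("192.168.1.20", "255.255.255.255", "UDP", "", 17500, 17500),
    ("fe80::1", "ff02::c", "UDP", "", 50000, 1900),            # SSDP multicast
    ("192.168.1.20", "192.168.1.10", "TCP", "S", 49200, 139),  # SYN, never answered
    ("192.168.1.20", "192.168.1.10", "TCP", "S", 49200, 139),  # SYN retransmit
    ("192.168.1.30", "192.168.1.10", "TCP", "S", 49300, 445),  # full handshake
    ("192.168.1.10", "192.168.1.30", "TCP", "SA", 445, 49300),
    ("192.168.1.30", "192.168.1.10", "TCP", "A", 49300, 445),
]

def is_group_addressed(dst):
    """True for multicast and broadcast destinations (seen by every NIC on the LAN)."""
    ip = ipaddress.ip_address(dst)
    if ip.is_multicast:
        return True
    return ip.version == 4 and (ip == LAN.broadcast_address or dst == "255.255.255.255")

def summarize(packets):
    """Count group-addressed frames and sort TCP flows by handshake completion."""
    result = {"group_addressed": 0, "incomplete": [], "established": []}
    seen = {}  # (client, client_port, server, server_port) -> handshake steps seen
    for src, dst, proto, flags, sport, dport in packets:
        if is_group_addressed(dst):
            result["group_addressed"] += 1
        elif proto == "TCP" and flags == "S":
            seen.setdefault((src, sport, dst, dport), set()).add("syn")
        elif proto == "TCP" and flags == "SA":
            key = (dst, dport, src, sport)       # reply travels server -> client
            if key in seen:
                seen[key].add("synack")
        elif proto == "TCP" and flags == "A":
            key = (src, sport, dst, dport)
            if "synack" in seen.get(key, ()):
                seen[key].add("ack")
    for key, steps in seen.items():
        done = steps == {"syn", "synack", "ack"}
        result["established" if done else "incomplete"].append(key)
    return result

if __name__ == "__main__":
    print(summarize(PACKETS))
```

A capture taken while the firewall is blocking as intended should show entries only under `group_addressed` and `incomplete`; anything under `established` is a conversation that got through.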