I have a Windows XP machine running Wireshark, connected to a mirror port on a network. I'm capturing with no filtering, and it can only see half of some two-way TCP conversations. I had thought it was a mirror port issue on the switch, but I can take the same Ethernet cable, plug it into a laptop running the same version of Wireshark and see both sides of the conversation. I also see a lot more random network activity such as NBNS queries, LLDP multicasts, and Dynamic Trunking Protocol packets.
This does not appear to be a promiscuous mode issue, because I do see half of a TCP conversation from point A to point B, and I am point C. I've tried replacing the network card but that isn't it. It's not random packet loss, because I see every packet for one side of the one conversation (based on sequence numbers).
I'm looking for any Windows configurations or other programs or clues that could be preventing Wireshark from capturing all packets.
Check the span/mirror port configuration to make sure it's doing what you expect. Some switches can be configured to capture only inbound or only outbound traffic (with both directions being a third option).
As an example, this should verify the state on a Cisco device:
(this shows traffic on interface Fa0 is replicated in both inbound and outbound directions and sent out Fa1 to be captured)
This behaviour was achieved with the following config:
Reinstall a new version of WinPcap and try capturing data again. Sometimes a WinPcap issue may lead to such problems.
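To compare what the two capture hosts actually recorded, the following added example (not from any of the posts above) lists every TCP conversation that a capture file contains in one direction only. It assumes the capture was saved in classic pcap format with Ethernet II / IPv4 framing; the sample bytes and the helper `_frame` are constructed for illustration.

```python
import struct
from collections import defaultdict

def tcp_flows(pcap):
    """Yield (src, sport, dst, dport) per Ethernet II / IPv4 / TCP frame in a classic pcap."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None:
        raise ValueError("unsupported capture format (save as classic pcap first)")
    off = 24                                     # skip the global header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack_from(endian + "I", pcap, off + 8)[0]
        frame = pcap[off + 16: off + 16 + incl_len]
        off += 16 + incl_len
        # VLAN-tagged (0x8100) and IPv6 frames are skipped in this sketch
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue
        ihl = (frame[14] & 0x0F) * 4             # IPv4 header length in bytes
        if len(frame) < 14 + ihl + 4:
            continue
        sport, dport = struct.unpack_from("!HH", frame, 14 + ihl)
        yield (".".join(map(str, frame[26:30])), sport,
               ".".join(map(str, frame[30:34])), dport)

def one_sided(pcap):
    """Return (sender, receiver) for each conversation captured in one direction only."""
    directions = defaultdict(set)
    for src, sport, dst, dport in tcp_flows(pcap):
        a, b = (src, sport), (dst, dport)
        directions[frozenset((a, b))].add((a, b))
    return sorted(next(iter(d)) for d in directions.values() if len(d) == 1)

def _frame(src, sport, dst, dport):
    """Build one constructed Ethernet/IPv4/TCP frame wrapped in a pcap record header."""
    ip = (bytes([0x45, 0]) + struct.pack("!H", 40) + bytes(4) + bytes([64, 6])
          + bytes(2) + bytes(src) + bytes(dst))
    pkt = bytes(12) + b"\x08\x00" + ip + struct.pack("!HH", sport, dport) + bytes(16)
    return struct.pack("<IIII", 0, 0, len(pkt), len(pkt)) + pkt

# Constructed sample: one conversation seen both ways, one seen in a single direction.
SAMPLE = (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
          + _frame((10, 0, 0, 5), 49152, (10, 0, 0, 9), 445)
          + _frame((10, 0, 0, 9), 445, (10, 0, 0, 5), 49152)
          + _frame((10, 0, 0, 7), 49200, (10, 0, 0, 9), 80)
          + _frame((10, 0, 0, 7), 49200, (10, 0, 0, 9), 80))

if __name__ == "__main__":
    for sender, receiver in one_sided(SAMPLE):
        print("only seen: %s:%d -> %s:%d" % (sender + receiver))
```

Running it against a capture from each host taken on the same cable shows whether the missing direction is consistent per conversation, which helps separate a switch-side mirror setting from a host-side capture problem.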