Wireshark makes a SCADA app fail

asked 2022-10-05 12:39:54 +0000

Hi! I work with SCADA systems and when I install Wireshark on one of them, the system stops receiving/sending data. I have been researching why this can happen, but besides knowing that Wireshark lets the NIC card work in promiscuous mode and PCAP copies packets in order to analyse them, I have not found anything that could explain this behavior. Has anybody had a similar problem with this? Thanks!

Chuckc ( 2022-10-05 15:20:58 +0000 )

What version of what operating system is on the machine on which Wireshark is running?

Guy Harris ( 2022-10-05 18:59:30 +0000 )

Hi #GuyHarris! The OS version is Windows Server 2012 R2. The Npcap version is 1.71. I am using Wireshark portable because I thought it would work as a light version of Wireshark (even if the app still asks me to install it on the Windows machine).

root1 ( 2022-10-05 19:25:35 +0000 )

Thanks #chuckc! I'm reviewing the post trying to find a solution for the problem. Thanks for your time and for posting the source!

root1 ( 2022-10-05 19:31:05 +0000 )

answered 2022-10-05 13:09:46 +0000

My first guess: the SCADA app is not playing nice and is using the network in a manner which conflicts with the way Npcap is working.

(And "the machine on which Wireshark is running is a Windows machine" is another part of the guess.)

Guy Harris ( 2022-10-05 18:58:54 +0000 )

It is a nice guess! When I stop using Wireshark (uninstalling Npcap) all the communication starts working again. The problem is I cannot troubleshoot signals without checking them first on a packet analyzer. I tried to use netsh (from the Windows machine) but the OS seems to not support it (and it is not working).

root1 ( 2022-10-05 19:29:30 +0000 )

Seen: 993 times

Last updated: Oct 05

