Hi! I work with SCADA systems and when I install wireshark in one of them, the system stops to receive/send data. I have been researching why this can happen, but besides knowing that Wireshark let the NIC card to work in promiscous mode and PCAP copies packets in order to analyse them, I have not found anything that could explain this behavior. Somebody have had a similar problem with this? Thanks!
My first guess. The SCADA app is not playing nice and using the network in a manner which conflicts with the npcap is working.
(And "the machine on which Wireshark is running is a Windows machine" is another part of the guess.)
It is a nice guess! When I stop using wireshark (unnistalling the Npcap) all the communication starts working again. The problem is I cannot troubleshoot signals without checking them first on a packet analyzer. I tried to use netsh (from the windows machine) but the OS seems to not support it (and it is not working).
Asked: 2022-10-05 12:39:54 +0000
Seen: 2,567 times
Last updated: Oct 05 '22
Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
Similar to wireshark blocking a TCP connection, (?) why ?
What version of what operating system is on the machine on which Wireshark is running?
Hi #GuyHarris! The OS version is Windows Server 2012 R2. The Npcap version is 1.71. I am using wireshark portable because I though it will work a light version of wireshark (even if the app still ask me to install it on the windows machine)
Thanks #chuckc! I'm reviewing the post trying to find a solution for the problem. Thanks for the time and to post the source!