Wireshark doesn't see packets when just one system is 'local'
Hi
Wireshark is not 'seeing' / capturing all of the packets I'd expect it to capture.
I'm using Wireshark 4.2.0 installed on a Windows Server 2022 system running in a VMware vSphere 7.0.3 environment. Looking in the Wireshark Capture Options page, I see that there is a check in the 'Promiscuous' column for the Ethernet0 interface, which is the only interface in this system (other than the loopback). I have three other systems in my environment: Local1, Local2 and Remote1. Local1, Local2 and my Windows Wireshark system are all connected to the same vSphere distributed port group. Remote1 is a physical asset that is not connected to this DPG, and is located elsewhere in our engineering lab. When I look at the policies for the DPG, I see (in the 'Security' section, that 'Promiscuous mode' is set to 'Accept'.
When I log in to Local1, and do a ping to Local2, these packets are seen and captured by my Wireshark system. Just as I'd expect.
But when I log in to Local1, and do a ping to Remote1, I see that the ping command completes successfully, but Wireshark does not see/capture these packets. Because one of the systems in this source/target pair is in the same DPG as the Wireshark system, I had expected the Wireshark system to see the packets.
Is this not correct?
Thanks! tl
If I read the VM documentation correctly a "distributed port group" is just a virtual switch. Then it makes sense that traffic between Local1 and Remote1 is not copied to Local2.
Hi Andre - thanks for the reply. Yes, I believe a distributed port group is essentially a switch. I'm trying to capture the packets exchanged between Local1 (which is connected to the DPG) and Remote1 (which is not connected to the DPG) using my Windows server (which is connected do the DPG). Since my Windows server and Local1 are both connected to the same DPG, shouldn't the Windows server see all traffic that enters/leaves Local1?
No. It is not a hub. See https://wiki.wireshark.org/CaptureSet...