Ask Your Question
0

Why does Wireshark detect activity from my Win11 laptop connected to a Sharktap network tap?

asked 2025-09-23 18:03:32 +0000

Kerry is me gravatar image

updated 2025-09-23 22:37:18 +0000

Guy Harris gravatar image

I read that the ethernet port would be automatically disabled to traffic and put into promiscuous mode for listening purposes in the instructions.

Somehow I got back that my Wireshark machine did a host announcement and sent standard query responses directed at hosts outside my network.

Did I read the theory of operation wrong or were the instructions on the Sharktap lying too?

Really seems odd to me!

edit retag flag offensive close merge delete

Comments

So the quick start guide is for the Sharktap USB. Presumably you used the two Network ports to insert the Sharktap into some existing wired network; did you connect the USB TAP port into a USB port on the machine running Wireshark or did you use the Wired Tap Ethernet port and connect that to an Ethernet port on that machine?

Guy Harris gravatar imageGuy Harris ( 2025-09-23 22:43:42 +0000 )edit

I connected the ethernet port on the laptop running wiretap to the tap port on the shark tap just like all of the instructions said. That port is on the side. The through ports are on the end. all connected correctly.

All of that is neither here nor there if Wireshark can't shut up the ethernet port so that it mixes the laptop's ethernet to cry out for dchp while I'm doing a capture!

Never mind - nobody here has a clue either. Bunch of self proclaimed experts.

Kerry is me gravatar imageKerry is me ( 2025-09-23 23:03:14 +0000 )edit
add a comment

2 Answers

Sort by ยป oldest newest most voted
0

answered 2025-09-24 07:30:37 +0000

hugo.vanderkooij gravatar image

Had a quick look at https://www.amazon.nl/Kosiy-SharkTap-... and it seems it is meant to tap traffic without inserting any traffic from a machine running wireshark.

But if your laptop sends out traffic on this link then it will show up on wireshark. That is a design issue with your laptop not with the tap.

edit flag offensive delete link more
add a comment
0

answered 2025-09-23 19:28:00 +0000

SYN-bit gravatar image

I can not comment on the Sharktap instructions, as those are third-party (do you have a link to the instructions?). As for the interface of the capturing system, promiscuous mode only means packets that would normally be dropped at the NIC (unicast packet not for it's own mac-address and multicast packets for groups that the nic was not subscribed to) will now be forwarded to the OS. There is no mechanism in the capturing host that prevents outgoing packets. Unless you remove the networking stacks from the interface of course.

edit flag offensive delete link more

Comments

https://midbittech.com/usb/USB%20Star...

There's the link. You read it.

Kerry is me gravatar imageKerry is me ( 2025-09-23 21:33:20 +0000 )edit
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2025-09-23 18:03:32 +0000

Seen: 244 times

Last updated: 2 hours ago

Related questions

Wireshark 2.4.1 GTK Crash on long run

Why redirection of VoIP calls to voicemail fails?

Capture incoming packets from remote web server

How do I get and display packet data information at a specific byte from the first byte?

Client is waiting for FIN flag from server for 30 sec

wifi disconnects as wireshark starts

How do I add "child item" to an item in the subtree?

What is the syntax for wireshark custom column

Getting error MSB4018 when trying to build wireshark sources

When/why would a device send a frame with ethertype 0x86dd (IPv6) but it's actually an IPv4 packet?