WireShark Skipping Certain Traffic?
I'm trying to analyze the traffic between an AXIS M1011W IP camera and a Furuno TZT14 marine chartplotter (which displays the camera output). Even though the moving camera output is displayed on the TZT14, I can't see anything on the wire from the camera resembling image data. All I see from the camera is IGMPv3, MDNS & SSDP packets containing mostly ASCII text. When I use a PC to display camera output, I see many TCP packets with 1460 bytes of image payload. Unfortunately, the PC test uses a different protocol (unicast RTSP) because I haven't figured out how to get the PC to communicate with the camera with the same multi-cast protocol as the TZT14.
The network is stand-alone and uses static IP addresses. WireShark is in promiscuous mode and is running on a Microsoft Surface laptop with Win10 and a SMC USB-to-ethernet adapter plugged into the laptop USB port. The TZT14 has 3 ethernet ports. The camera is plugged into 1 and the SMC/laptop/Wireshark into another.
Any advice will be appreciated. ---rick
If you take packet captures from both source and destination, do the packets differ?
Thanks for the suggestion but I'm not sure what you mean by capture from both source and destination. I'm currently capturing from a hub between the 2 devices. I also tried connecting the 2 devices directly to each other and used another port on the receiving device to connect the PC. If those multiple ports and the hub are active switches, that could explain why I don't see all the traffic. I plan to get an actual ethernet tap device for the WireShark connection and try again.
My bad. The extra ethernet ports on the Furuno TZT14 and the Hub-101 are actually active switches. When I capture with an actual ethernet tap (SharkTap), I see the image packets and other traffic I was missing.
Please post this as an answer and accept it. Cheers