This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Wireshark Opening Ports?

0

Hi, I have an unusual issue on one of our servers.

The server (Windows 2008 R2) is running Digital Radio Software that logs everything that occurs on the Digital Radio Network. It appears that the packets are randomly dropped at random times - which leads to conversations being lost and other stats/incidents.

For some strange reason when Wireshark is opened on this server, the packet loss ceases and everything runs fine.

I am at a loss as to why this would happen. I was under the impression that Wireshark doesn't open any ports and only listens to the traffic that comes through the NIC?

If someone may be able to shed some light on this that would be appreciated.

Thanks

asked 31 Aug '15, 16:50


began


One Answer:

1

Wireshark doesn't open any ports (except when checking for an update). My guess is that you have some layer 2 trouble where the radio packets are sent to the wrong MAC address at the random times you mention. Since Wireshark puts the interface into promiscuous mode, it'll now accept packets that do not have the MAC of the interface. That way the packets with the wrong MAC are accepted, and there is no "loss".

You need to investigate your MAC addresses. My guess is that they change sometimes for whatever reason, so that when Wireshark is not running the connection is lost. Find out when that happens and what the changed MAC is/where it belongs, and you should be able to find the cause.

answered 31 Aug '15, 17:12


Jasper ♦♦

1

Try capturing in Wireshark without turning promiscuous mode on. If you see the packet drops when Wireshark is running without turning promiscuous mode on, then it's probably as Jasper described.

(31 Aug '15, 17:58) Guy Harris ♦♦
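
Added example, not part of the original thread: one way to follow the answer's advice is to save a promiscuous-mode capture and list the unicast frames whose destination MAC is not the server's NIC, since those are the frames a non-promiscuous interface would discard. The function name, MAC addresses and capture bytes are constructed for illustration.

```python
import struct

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def foreign_unicast_frames(pcap_bytes, nic_mac):
    """Return (timestamp, dst_mac, src_mac) for each unicast frame not addressed to nic_mac."""
    # Classic pcap magic (microsecond timestamps) tells us the file's byte order.
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap_bytes[:4])
    if endian is None or len(pcap_bytes) < 24:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", pcap_bytes[20:24])[0] != 1:
        raise ValueError("expected LINKTYPE_ETHERNET (1)")
    own = bytes.fromhex(nic_mac.replace(":", ""))
    hits, off = [], 24
    while off + 16 <= len(pcap_bytes):
        sec, usec, caplen, _orig = struct.unpack(endian + "IIII", pcap_bytes[off:off + 16])
        frame = pcap_bytes[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 14:          # truncated record, no full Ethernet header
            continue
        dst, src = frame[0:6], frame[6:12]
        if dst[0] & 1:               # group bit set: broadcast/multicast, not modelled here
            continue
        if dst != own:               # only seen because the NIC was in promiscuous mode
            hits.append((sec + usec / 1e6, mac(dst), mac(src)))
    return hits

def _record(ts, dst, src):
    # Constructed sample frame: Ethernet header, IPv4 EtherType, zero padding.
    frame = bytes.fromhex((dst + src).replace(":", "")) + b"\x08\x00" + b"\x00" * 46
    return struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame

# Constructed sample data (locally administered MACs), not taken from the thread.
NIC = "02:00:00:00:00:01"
SENDER = "02:00:00:00:00:10"
SAMPLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join([
    _record(100, NIC, SENDER),
    _record(101, "ff:ff:ff:ff:ff:ff", SENDER),
    _record(102, "02:00:00:00:00:99", SENDER),   # wrong destination MAC
    _record(103, NIC, SENDER),
    _record(104, "02:00:00:00:00:99", SENDER),   # wrong destination MAC
])

if __name__ == "__main__":
    for ts, dst, src in foreign_unicast_frames(SAMPLE, NIC):
        print(f"{ts:.6f}  {src} -> {dst}  (not addressed to {NIC})")
```

The timestamps of the reported frames show when the destination MAC changed, and the reported address is the one to trace back to its owner.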