Ethernet Products
Determine ramifications of Intel® Ethernet products and technologies
4810 Discussions

Ethernet and wireshark filtering

BMill11
Beginner
1,778 Views

I am using Wireshark on a machine that has ( from the registry via regedit ):

 

DriverDesc : Intel(R) Ethernet Connection (2) I219-LM

and I added:

 

MonitorMode : 1 ( REG_DWORD 32 bit )

 

as per Intel help forum:

 

https://communities.intel.com/thread/51323 https://communities.intel.com/thread/51323

That did not help

Problem is that Wireshark sees all the traffic to and from the machine it is on but not between two different machines; they are connected with a hub.

In Capture - Options - Input, the Promiscuous box is checked.

Has anyone encountered this? Do you have a remedy? Is the Driver filtering out those other packets?

Thanks.

 

Boyd
0 Kudos
5 Replies
idata
Employee
777 Views

Hi BoydMills,

Thank you for posting at Wired Communities. Please refer to http://www.intel.ph/content/www/ph/en/support/network-and-i-o/ethernet-products/000007255.html http://www.intel.ph/content/www/ph/en/support/network-and-i-o/ethernet-products/000007255.html as this has to do with the network management agent or other software (such as "Network sniffer").

Just to double check both machines integrated with the same ethernet controller I219-LM ?

regards,

 

sharon

 

0 Kudos
BMill11
Beginner
777 Views

Thank you Sharon.

The link did point me to the newest drivers ( I month old! ) for the Ethernet adapter. I installed it.

https://www.intel.sg/content/www/xa/en/support/network-and-i-o/ethernet-products/000005498.html My Sniffer Isn't Seeing VLAN, 802.1q, or QoS Tagged Frames

Gives a list of devices ( e1d ) and what "magic" keyword: MonitorMode value 1 to add to the registry.

I had already done that but did it again.

I do not use vlan so that is a non issue.

The other units are not using the same Ethernet adapters.

The "hub" is just that: a hub. Dumb as a stick. A Bell 2000 device. The Ethernet hub part of the device is not programmable. Plus is does pass through of other protocols such as 'BACnet over Ethernet' that are not routable.

Still my sniffer "wireshark" can only see data that is sent to or from the pc on which it runs.

Please advise.

Boyd

0 Kudos
idata
Employee
777 Views

Hi BoydMills,

 

 

Thank you for the update and additional information. Let me further check.

 

 

Regards,

 

Sharon
0 Kudos
idata
Employee
777 Views

Hi BoydMills,

 

 

Just to double check if you have checked with Wireshark as the software can't capture the packets, understand the promiscuous is already enabled. Here is the reference information you may refer to: https://wiki.wireshark.org/HubReference (Please note this is third party website for your reference only, Intel has no control over the content therein).

 

 

Please feel free to update met.

 

 

Thanks,

 

sharon

 

0 Kudos
idata
Employee
777 Views

Hi BoydMills,

 

 

Please feel free to update me if further assistance needed?

 

 

 

Thanks,

 

Sharon
0 Kudos
Reply