This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Not capturing RoIP multicast traffic

I have a Telex Radio over IP multicast network and have had trouble getting it to pass over a carrier's Ethernet link. I am trying to make sure the traffic is getting out to the carrier network. I have simplified the network to a minimum configuration for troubleshooting, so I have a radio console connected to a Linksys SF300-24 switch, connected to the Telex IP-223 (radio controller), then connected to the radio. The radio and console work correctly over the switch and IP-223.

Besides looking for the multicast on a regular port, I have tried mirroring the port and VLAN, and connecting the console (and radio) directly into the Wireshark Ethernet port. I have also tried a connection to a 10baseT hub (repeater, not a switch) without any multicast traffic showing up.

I can see (sniff) the normal traffic like spanning tree, ARP and the constant pings (unicast) the console does to make sure they are in contact with the radio, but I still don't see the multicast. When hooked to the 10baseT hub, I can see (while transmitting) that there is high activity on all three ports (console, IP-223 and Wireshark) but there isn't any multicast traffic showing up. I am pretty sure the packets are getting to the NIC on the Wireshark host because of link light activity, but I still can't see them in Wireshark.

I am running Wireshark version 1.6.6 on a Dell Latitude E6400. I suspect it is a PC or NIC driver problem similar to the VLAN tagging problem with the Dell Latitude D620. Any ideas?

asked 10 Apr '12, 16:42

Thor


2 Answers:

I assume that you are not using any capture filters and that you capture in promiscuous mode? If you are, WinPcap (which Wireshark uses to capture the packets) should be able to see the multicasts. If it is not, then the NIC/NIC-driver combination is filtering them out.

On the product page of the Dell E6400, it does not say which NIC is being used. Could you add the NIC brand and type to your question?

Have you tried capturing with a different system (with a different NIC) in the same setup?

answered 11 Apr '12, 00:43

SYN-bit

Correct, I wasn't using any capture filters. I first tried a Dell Latitude D620 and then the E6400. Today I am going to try capturing from a workstation.

(11 Apr '12, 07:50) Thor

I tried to capture traffic with a workstation today with the same results, no multicast.

After closer inspection of the captured packets I noticed there were ping responses, but I didn't see any ping requests. Thinking about ping DoS attacks, I disabled the firewalls (Symantec Endpoint Protection and Windows Firewall) and now I can see all multicasts and both sides of the pings.

answered 11 Apr '12, 09:21

Thor
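
The symptom that gave this away (ping replies with no requests, and no multicast frames at all) can be checked for mechanically in a saved capture. The following is an added example, not part of the original thread: it assumes a classic little-endian pcap file with untagged Ethernet frames, and the function names and sample frames are constructed for illustration.

```python
import struct

def frame(dst_mac, proto, l4_first_byte):
    """Constructed Ethernet+IPv4 frame; addresses are placeholders, checksums zero."""
    eth = bytes.fromhex(dst_mac) + bytes.fromhex("020000000001") + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return eth + ip + bytes([l4_first_byte]) + bytes(7)

def pcap(frames):
    """Wrap frames in a classic little-endian pcap file (link type 1, Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

def summarize(data):
    """Count multicast frames and ICMP echo requests/replies in pcap bytes."""
    if len(data) < 24 or struct.unpack_from("<I", data)[0] not in (0xA1B2C3D4, 0xA1B23C4D):
        raise ValueError("expected a little-endian classic pcap file (not pcapng)")
    stats = {"frames": 0, "multicast": 0, "echo_request": 0, "echo_reply": 0}
    off = 24
    while off + 16 <= len(data):
        incl = struct.unpack_from("<I", data, off + 8)[0]
        pkt = data[off + 16:off + 16 + incl]
        off += 16 + incl
        stats["frames"] += 1
        if len(pkt) < 14:
            continue
        # Group bit set in the first destination octet, excluding broadcast.
        if pkt[0] & 1 and pkt[:6] != b"\xff" * 6:
            stats["multicast"] += 1
        # Untagged IPv4 carrying ICMP (802.1Q-tagged frames are not parsed here).
        if pkt[12:14] == b"\x08\x00" and len(pkt) >= 34 and pkt[23] == 1:
            icmp = 14 + (pkt[14] & 0x0F) * 4
            if icmp < len(pkt) and pkt[icmp] in (0, 8):
                stats["echo_request" if pkt[icmp] == 8 else "echo_reply"] += 1
    return stats

def host_filtering_suspected(stats, expect_multicast=True):
    """True when pings are one-sided or expected multicast is absent."""
    one_sided = (stats["echo_request"] == 0) != (stats["echo_reply"] == 0)
    return one_sided or (expect_multicast and stats["multicast"] == 0)

# Constructed captures: firewall on (replies only) and firewall off.
FILTERED = pcap([frame("020000000002", 1, 0)] * 2)
FULL = pcap([frame("01005e010101", 17, 0), frame("020000000002", 1, 8),
             frame("020000000001", 1, 0)])

print(summarize(FILTERED), host_filtering_suspected(summarize(FILTERED)))
```

A positive result only says the capture is missing traffic the wire should carry; whether the cause is a host firewall, the NIC driver, or the switch port still has to be isolated by changing one of them at a time, as was done in the thread.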