I've installed Wireshark on a server running Windows Server 2008 R2 SP 2 to diagnose some multicast issues with an application, and the list of interfaces that Wireshark shows includes a mapped network drive. The list of interfaces to select for capturing includes the following:
Any idea why? It's a real problem because the multicast transmissions from my application are going through this interface.
asked 01 Oct '12, 06:34 Guy73 edited 01 Oct '12, 06:37
One Answer:
Have you checked the Interface descriptions at Edit -> Preferences -> Capture -> Edit Interfaces? There might be a Comment for the second interface saying "M:\". In that edit window you can enter a name for each interface if you like.
answered 01 Oct '12, 07:02 Jasper ♦♦ edited 01 Oct '12, 07:03
I checked the preferences section you referred to and cannot find anywhere in there where the adapter is named M.
In the network settings on the server it only lists two network adapters but Wireshark lists three. When I searched the registry for the HEX ID Wireshark gives for the NIC it comes up with "Microsoft Failover Cluster Virtual Adapter"
I disabled clustering and tried running my application locally on one of the cluster nodes and still get the same problem.
This looks like a problem with the Microsoft cluster virtual adapter then. If I were you I'd open up a bug report at http://bugs.wireshark.org, including screenshots of the capture interface dialog and preferences section I mentioned.
I'm missing something here, why is it a problem? Wireshark only captures on the interfaces you tell it to, it doesn't influence the traffic in any way (apart from the requests it may generate to resolve names).
@grahamb: I took it as a problem because the original question mentioned that it is one - but you're right, if it is only that the NIC name is strange it should just be renamed as long as the capture works fine.