Hello - I've been using my laptop with built in ethernet card to capture DICOM packets for a long time now. I recently purchased a new laptop that doesn't have a built in Ethernet card but has a USB-Ethernet adapter. I'm now unable to capture DICOM packets with the new USB-Ethernet adapter. I have searched everywhere on the internet and can't seem to find any answers. Does anyone know how to fix this issue? This question is marked "community wiki". asked 09 Feb '13, 18:31  bca showing 5 of 8 show 3 more comments |
One Answer:
Or a difference in the Wireshark preferences? Did you change anything in the default settings on your old laptop to see DICOM traffic (maybe it's not using the standard ports in your environment)? Please compare the following settings on the old/new laptop:
Regards answered 12 Feb '13, 02:45  Kurt Knochner ♦ |
What do you mean by "unable to capture DICOM packets"? Do you mean that, on an Ethernet segment that has DICOM traffic on it, you can, for example, plug both your old laptop and your new laptop into that segment at the same time, and the old laptop will see DICOM packets but the new one won't?
Is the DICOM traffic being sent to or from the laptop in question, or is it "third-party" traffic that must be sniffed promiscuously?
Does the laptop with the USB Ethernet adapter see any "third-party" traffic other than broadcasts and multicasts?
What operating system is are the machines running?
Yes that is correct, I am unable to capture DICOM traffic on an ethernet segmnet.
My setup is as follows:
I have my: a. "DICOM System" sending/receiving DICOM traffic b. "DICOM Server" sending/recieving DICOM traffic c. New laptop with "USB-ethernet adapter" d. Port for company network
e. Dumb hub
I connect a, b, c, and d into e (Dumb hub).
I can now monitor all ethernet traffic on my new laptop(c) between a and b, but can't see the DICOM traffic.
I then take my old laptop with "built in ethernet adapter" and replace it with "c". I can now see the DICOM traffic.
My new laptop with "USB-ethernet adapter" is running Windows 7 64-bit.
My old laptop with "built in ethernet adapter" is running Windows XP 32-bit.
Is the "dumb hub" a dual-speed hub?
If you "can now monitor all ethernet traffic on my new laptop(c) between a and b", that means you can monitor DICOM traffic between a and b, as it's Ethernet traffic, so presumably you mean something like "I should now be able to monitor all Ethernet traffic on my new laptop(c) between a and b, but I'm not seeing all the traffic". Are you seeing any unicast Ethernet traffic between a and b at all? Are you, for example, seeing non-DICOM TCP traffic, of any sort, between a and b?
Yes, the "dumb hub" is a dual speed hub.
What you stated is correct, "I should now be able to monitor all Ethernet traffic on my new laptop(c) between a and b, but I'm not seeing all the traffic".
And yes, I am seeing unicast (non-DICOM) Ethernet traffic between a and b with the new laptop.
The only two things I can see as being the root cause are: a. the difference in operating system b. the difference in the ethernet adapter
Thanks again for your help.
So:
1) what speed is the DICOM traffic - 10Mb/s or 100Mb/s?
2) what speed is the adapter on the old laptop running - 10Mb/s or 100Mb/s?
3) what speed is the USB adapter on the new laptop running - 10Mb/s or 100Mb/s?
100 for all
I.e., you could replace the hub with a 100Mb/s-only hub and it would still work?
If you're seeing other TCP traffic, but not DICOM traffic, with the new machine, and Wireshark is configured the same on both machines so that it recognizes DICOM traffic and dissects it as DICOM traffic in both cases, there's probably something really weird about the adapter driver or adapter on the new laptop.
If you're not seeing any TCP traffic with the new machine, that would be much less weird, as the adapter wouldn't know what's DICOM traffic and what's other TCP traffic.