This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

clean interface for stack development

0

Hi,

I'm porting an embedded TCP-stack. I'd like to use wireshark to test my implementation. The problem is that there is a lot of traffic on my notebooks ethernet interface. I cant use filters, because it is possible that the frames that are sent are corrupt so i would not see them.

Any idea how I can obtain an interface where the only traffic is the one i want?

asked 30 Mar '13, 02:31

Dill's gravatar image

Dill
1111
accept rate: 0%


2 Answers:

0

Get yourself a decent tap or switch and configure an mirror port, or get one preconfigured.

answered 30 Mar '13, 09:39

Jaap's gravatar image

Jaap ♦
11.7k16101
accept rate: 14%

could you please explain how that would help?

(31 Mar '13, 02:20) Dill

Hook your laptop interface up to the monitor port, hook the device w/ embedded stack onto the mirrored port, hook the uplink to the rest of your network. If you want your laptop interface to be passive, then bring it up sans IP address (Linux), or disable protocol/services (Windows).

(31 Mar '13, 06:16) Jaap ♦

thanks for your help. i'm a little lost with this network stuff.... will i still be able to send test-traffic to the tested device? which services would that be for windows?

(01 Apr '13, 09:35) Dill

0

NOT an offence, I'm just a bit confused!!

You say:

I'm porting an embedded TCP-stack.

and then you say:

i'm a little lost with this network stuff...

Erm ... how do you port a TCP stack without decent network knowledge?

Anyway, maybe I'm misinterpreting the word 'porting'. Can you please add some information how you port that TCP stack and why you have to do it on a system that already has a TCP/IP stack in place (your laptop) instead of using a virtual machine. That information is necessary to understand your problem and why/how those two TCP stacks interact/conflict.

Regards
Kurt

answered 02 Apr '13, 09:18

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

edited 02 Apr '13, 09:18

Kurt, I'm sorry for the confusion. I should have mentioned that I'm porting the stack (LwIP) to a microcontroller. So I just have to develop the PHY and MAC drivers for that platform which does not call for any deeper networking knowledge. But I need some tools to test the stack. I'd like to be able to "speak" to the ported stack without seeing all that noise that all these windows services and programs send out of the eth-interface of my (windows 7) notebook.

(02 Apr '13, 14:56) Dill

O.K. can you please add some information about your network setup. Is it like one of these?

PC -- switch -- Micro Controller
PC ---- Micro Controller

If so, how do you test LwIP? By sending/receiving data from the PC to the MicroController?

(03 Apr '13, 03:07) Kurt Knochner ♦

PC --- switch --- microcontroller is the setup right now, but it would be no problem to purchase some new hardware like a linux pc if that helps. Yes Id like to test LwIP by sending data from the notebook using wireshark to monitor. right now I use ping and netcat but for seriuos testing I'll need something else, but that'll be the next problem.

(03 Apr '13, 08:52) Dill

The problem is that there is a lot of traffic on my notebooks ethernet interface.

well, you could filter on the MAC address of the Micro Controller to see just traffic to/from that device.

I cant use filters, because it is possible that the frames that are sent are corrupt so i would not see them.

If the frames are corrupt, the OS (driver) or the NIC (hardware) might drop the frame anyways, so you won't see it in Wireshark. So, filtering on the MAC address of the Micro Controller may be 'good enough'.

My suggestion: Get a second interface for your system (pccard for a laptop) and disable all Windows protocol on that additional NIC. That way, you won't get 'noise' on the line between this NIC and the Micro Controller.

If that is not an option, get second PC with an operating system that is not that chatty ;-) (Linux, *BSD)

(03 Apr '13, 18:23) Kurt Knochner ♦

So, if i put a PCMCIA ethernet card in my laptop and disable all items but IPv4 in this window:

http://www.home-network-help.com/images/windows-7-network-tcpip.jpg

I'll have a silent interface?

Thanks for your patience :)

(05 Apr '13, 15:48) Dill
1

No, you also need to disable IPv4. Remove ALL check marks to get a silent interface.

(06 Apr '13, 04:51) Jasper ♦♦
1

Hint: If you disable IPv4, you will be able to capture traffic, but you won't be able to send/receive any data to the Micro Controller via that interface, at least not with standard system network calls.

(06 Apr '13, 08:50) Kurt Knochner ♦
showing 5 of 7 show 2 more comments