This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Hi, I got a problem using Wireshark.

I am writing an app which connects to a device via UDP protocol and receives some of its data. I could really use knowledge of what I am sending and receiving, since there is something wrong with the app.

While I am connected to the Internet, Wireshark works just fine, but when I switch the cable to connect to the device I cannot capture anything (well, there is something, but I can't see the packets I am sending using the app). How can I do that? Sorry if this is a very basic question, but I am a total newbie in this sort of thing.

asked 06 Apr '13, 13:37

letsgoavs7

edited 08 Apr '13, 08:59

cmaynard ♦♦

How is the "device" connected? Are you using an Ethernet cross-over connection, or is this a device that is connected via USB etc? If it is Ethernet - do you get a link on your network card when you connect to the device?

(06 Apr '13, 16:22) Jasper ♦♦

Well, now I see I should've described it better in the first post.

I am connecting to my device via Ethernet cable and that is it. The device is based on uC and is programmed to send data after receiving specified command. Problem is, I wasn't the one to design and program this device and only thing I got is definitions of frames that need to be sent. Because this is my first serious project in C#, I am not really sure if I am doing this right, hence the need to see if anything is being sent. This is first time using sniffer too (well, to be honest, I did use it monitoring Wi-Fi packets one time). Thanks for your reply.

(07 Apr '13, 01:34) letsgoavs7

So, Windows seems to know there is a network, but can't identify it.

You probably need to disable DHCP on that interface and set the IP address (and netmask) manually to something that is in the same range as the external device.

Did you check your IP settings on the Windows box, while you are connected to the external device?

ipconfig /all

Can you also post the output of that command here?

Tried to ping my device, but every packet is lost.

Do you get an ARP entry for the IP address you are pinging (CLI: arp -a)? If there is no ARP entry,

  • the remote device is either not in the same subnet as your Windows interface
  • or the remote device does not (properly) answer ARP requests
  • or your Windows box does not accept the ARP reply

Regards
Kurt


answered 08 Apr '13, 06:35

Kurt Knochner ♦

edited 08 Apr '13, 07:27

Okay, I've checked what you suggested - as a result of ipconfig command I got this:

link text

There are also a lot of other entries, but they are irrelevant (wireless card, etc). Also, this is in Polish, but you probably know what is what.

As a result of arp command, I didn't get any entry for the IP address of the device. So this has to be set up somehow, but I've run out of ideas how to do this.

(08 Apr '13, 07:51) letsgoavs7

Okay, I've checked what you suggested - as a result of ipconfig command I got this:

As a result of arp command, I didn't get any entry for the IP address of the device.

O.K. and what is the ip address of the 'device' you are trying to ping?

(08 Apr '13, 07:55) Kurt Knochner ♦

192.168.1.2

(08 Apr '13, 07:58) letsgoavs7

Well, according to the screenshot, your PC (157.158.x.x) is not in the same network as the device you are trying to ping. Please configure your PC to an IP address in the range 192.168.1.x and then try again.

(08 Apr '13, 14:48) Kurt Knochner ♦

Yeah, that worked. I can now send and receive data, but still can't believe I was having problems setting this thing up. I should've known better, but well, now I know ;)

I really appreciate all your replies here, you were very helpful. Thank you very much :)

(08 Apr '13, 15:20) letsgoavs7

Good!

Hint: If a supplied answer resolves your question can you please "accept" it by clicking the checkmark icon next to it. This highlights good answers for the benefit of subsequent users with the same or similar questions.

(08 Apr '13, 15:22) Kurt Knochner ♦

OK, you connect your device with a cable to your laptop on which you have your application and Wireshark running.

Troubleshooting is best done from the ground up. So, first check whether you have a link at the Ethernet level. Do both your laptop and uC show that the interface is up? Either by lighting an LED or by checking in the settings (laptop only)? If not, you most likely have to use an Ethernet cross-cable, as you are attaching two MDI devices to each other.

OK, once you have a link, you can try to see whether the device is reachable by pinging its IP address. Don't worry if you don't get a response, since it is a uC, it might not respond. However, it should have answered your ARP request with an ARP response (look in the Wireshark trace) and on the command line of your laptop, you should see the MAC address of the uC listed with the IP address when you give the command "arp -a".

Once these two steps succeed, you know the device is reachable and you can start working on your test application and wireshark should show you all packets being sent from your application (assuming you choose the correct interface to capture on).


answered 07 Apr '13, 03:04

SYN-bit ♦♦

So, Windows seems to know there is a network, but can't identify it. Ethernet driver from the device also seems to know there is sth connected, as the LEDs are on. Tried to ping my device, but every packet is lost. As for Wireshark, it doesn't show any new interface beside my cable and wireless connections I use to connect to the Internet.

For now I'm gonna try to talk to the guy who designed that device and see what he can say about this.

(08 Apr '13, 06:21) letsgoavs7

From the screenshot and the comment in @Kurt's answer it turns out that your device and your laptop are not in the same subnet. You will need to manually configure the ethernet interface of your laptop to be in the same subnet as the uC device.

As the uC device has 192.168.1.2, you can use 192.168.1.3 for your laptop. Use subnet mask 255.255.255.0 and no gateway.

Can you now ping the uC and do you see an arp entry for it when doing 'arp -a'?

(08 Apr '13, 08:11) SYN-bit ♦♦
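
The subnet and ARP checks discussed in the answers above can be scripted. The following is an added example, not part of the original thread: it parses English-locale Windows `arp -a` output and reports the first failing check. The function names, the 157.158.0.10/255.255.0.0 address (the thread only shows 157.158.x.x), the MAC address and the sample ARP text are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of English-locale Windows `arp -a` output (not from the thread).
SAMPLE_ARP = """\
Interface: 192.168.1.3 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.2           00-11-22-33-44-55     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
"""

# One table row: IPv4 address, hyphen-separated MAC, entry type.
ARP_ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"((?:[0-9a-fA-F]{2}-){5}[0-9a-fA-F]{2})\s+(\w+)\s*$"
)


def parse_arp(output):
    """Map interface address -> {neighbour IP: (MAC, type)} from `arp -a` text."""
    tables, current = {}, None
    for line in output.splitlines():
        head = re.match(r"^Interface:\s+(\S+)", line)
        if head:
            current = tables.setdefault(head.group(1), {})
            continue
        row = ARP_ROW.match(line)
        if row and current is not None:
            current[row.group(1)] = (row.group(2).lower(), row.group(3))
    return tables


def diagnose(local_ip, netmask, target_ip, arp_output):
    """Return the first failing check for a directly cabled device."""
    iface = ipaddress.ip_interface(f"{local_ip}/{netmask}")
    target = ipaddress.ip_address(target_ip)
    # Check 1: without a gateway, the target must be inside the local subnet.
    if target not in iface.network:
        return f"subnet mismatch: {target} is outside {iface.network}"
    # Check 2: the device must have answered ARP on this interface.
    entry = parse_arp(arp_output).get(local_ip, {}).get(target_ip)
    if entry is None:
        return f"no ARP entry for {target} on {local_ip}"
    mac, kind = entry
    return f"reachable at layer 2: {target} is at {mac} ({kind})"


if __name__ == "__main__":
    print(diagnose("157.158.0.10", "255.255.0.0", "192.168.1.2", SAMPLE_ARP))
    print(diagnose("192.168.1.3", "255.255.255.0", "192.168.1.2", SAMPLE_ARP))
```

On a localized Windows installation the `Interface:` header is translated, so the header pattern would need adjusting.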

When you say there are "sth" packets, I assume you mean "stp" packets (as there are no fields in wireshark starting with sth). STP packets are spanning-tree BPDU's used by a switch to prevent network loops, so I assume you connect to your "device" through a switch.

When using a switch, you will only see packets to and from your own device and broadcasts. So it is normal that you don't see any packets to and from your "device". You will need to use a real hub or configure port mirroring on the switch to be able to see packets for your "device".

If my assumption is not right, then please add a comment to your question with a detailed description of your network setup.


answered 07 Apr '13, 01:03

SYN-bit ♦♦

I interpreted "sth" as a sloppy shortening for "something" and made that correction.

(08 Apr '13, 09:02) cmaynard ♦♦
question asked: 06 Apr '13, 13:37

question was seen: 4,754 times

last updated: 08 Apr '13, 15:22
