This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

I have set up Wireshark to run on a Windows Server 2012 machine. When starting a capture, my response times from my remote locations and local traffic return a TTL timeout with the capture NIC's address. Connections for my users stop. I have set up a span port on my Cisco 3750 stack and triple-checked my setup to make sure they are set up correctly. I have the latest version of Wireshark and WinPcap. This is the only application running on the server. The server has 18 GB of RAM and two Xeon processors. Is this a Server 2012 issue? Could I have something set wrong? Any help would be greatly appreciated.

asked 05 Sep '13, 10:11


na2013


When starting a capture, my response times from my remote locations and local traffic return a TTL timeout with the capture NIC's address.

That could be caused by some kind of routing loop, created by the Win 2012 server.

If you capture on the server, it will receive packets that do not belong to itself (that's why you sniff on a mirror port ;-)). Now, if IP Forwarding is enabled on the server, it will receive those packets, Wireshark will see them, but the OS will not drop them. Instead it will forward them (route them) to the appropriate next hop. This process will lower the TTL value of those packets by one and duplicate packets in your network!!

I'm not sure if that fully explains your problems, but it is worth checking if IP Forwarding is enabled on your Windows Server 2012.

Regards
Kurt


answered 09 Sep '13, 09:19


Kurt Knochner ♦
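
One way to confirm the forwarding behaviour described in the answer above from the capture itself, as an added example that is not part of the original answer: it looks for the same IPv4 packet (same addresses, protocol and IP ID) appearing a second time with a TTL exactly one lower and a different source MAC. The function names, the frame tuples and the MAC and IP addresses are constructed for illustration, and it assumes the capture also sees the re-sent copies.

```python
import struct
from socket import inet_aton, inet_ntoa

IPV4_FIXED = "!BBHHHBBH4s4s"  # the 20-byte fixed IPv4 header

def parse_ipv4(header):
    """Extract the fields that identify a packet, plus its TTL."""
    (ver_ihl, _tos, _length, ident, frag, ttl, proto, _csum,
     src, dst) = struct.unpack(IPV4_FIXED, header[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 header")
    key = (inet_ntoa(src), inet_ntoa(dst), proto, ident, frag & 0x1FFF)
    return key, ttl

def find_forwarded_copies(frames):
    """frames: (source_mac, ipv4_header_bytes) tuples in capture order.
    Reports each packet seen again with TTL exactly one lower and a
    different source MAC, i.e. a copy that some host routed back out."""
    seen, findings = {}, []
    for mac, header in frames:
        key, ttl = parse_ipv4(header)
        for prev_ttl, prev_mac in seen.get(key, []):
            if ttl == prev_ttl - 1 and mac != prev_mac:
                findings.append({"forwarder_mac": mac, "src": key[0],
                                 "dst": key[1], "ip_id": key[3], "ttl": ttl})
                break
        seen.setdefault(key, []).append((ttl, mac))
    return findings

def _hdr(src, dst, ident, ttl, proto=6):
    # Constructed header for the sample; checksum left at 0, not validated.
    return struct.pack(IPV4_FIXED, 0x45, 0, 40, ident, 0, ttl, proto, 0,
                       inet_aton(src), inet_aton(dst))

# Constructed sample (documentation addresses, made-up MACs).
CLIENT, CAPTURE_NIC = "02:00:00:00:00:01", "02:00:00:00:00:99"
SAMPLE_FRAMES = [
    (CLIENT, _hdr("192.0.2.10", "198.51.100.20", 0x1A2B, 128)),       # original
    (CAPTURE_NIC, _hdr("192.0.2.10", "198.51.100.20", 0x1A2B, 127)),  # routed copy
    (CLIENT, _hdr("192.0.2.10", "198.51.100.20", 0x1A2C, 128)),
    (CLIENT, _hdr("192.0.2.10", "198.51.100.20", 0x1A2C, 128)),       # same TTL: mirror dup
    ("02:00:00:00:00:02", _hdr("198.51.100.20", "192.0.2.10", 0x0001, 64)),
]

if __name__ == "__main__":
    for finding in find_forwarded_copies(SAMPLE_FRAMES):
        print(finding)
```

If the reported forwarder MAC is the capture NIC's own address, the sniffing host is the one routing the mirrored traffic.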