
Windows Server 2012 network problems


I have set up Wireshark to run on a Windows Server 2012 machine. When starting a capture, my response times from my remote locations and local traffic return a TTL timeout with the capture NIC's address. Connections for my users stop. I have set up a SPAN port on my Cisco 3750 stack and triple-checked my setup to make sure it is set up correctly. I have the latest version of Wireshark and WinPcap. This is the only application running on the server. The server has 18 GB of RAM and two Xeon processors. Is this a Server 2012 issue? Could I have something set wrong? Any help would be greatly appreciated.

asked 05 Sep '13, 10:11


na2013


One Answer:


When starting a capture, my response times from my remote locations and local traffic return a TTL timeout with the capture NIC's address.

That could be caused by some kind of routing loop, created by the Win 2012 server.

If you capture on the server, it will receive packets that do not belong to itself (that's why you sniff on a mirror port ;-)). Now, if IP Forwarding is enabled on the server, it will receive those packets, Wireshark will see them, but the OS will not drop them. Instead it will forward them (route them) to the appropriate next hop. This process will lower the TTL value of those packets by one and duplicate packets in your network!!

I'm not sure if that fully explains your problems, but it is worth checking if IP Forwarding is enabled on your Windows Server 2012.

Regards
Kurt

answered 09 Sep '13, 09:19


Kurt Knochner ♦
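One way to run the check suggested in the answer, as an added example that is not part of the original post: the script audits the three places where IP forwarding can be switched on for a Windows Server 2012 capture host and can turn it off on the capture NIC. The interface alias `Capture` and the `-DisableOnCapture` switch are assumptions made for this example; run it from an elevated PowerShell session.

```powershell
# Added example: audit IP forwarding on a Windows capture host.
# 'Capture' is a hypothetical alias; use the NIC attached to the SPAN port.
param(
    [string]$CaptureAlias = 'Capture',
    [switch]$DisableOnCapture   # hypothetical switch: also turn forwarding off
)

# 1. Legacy global switch: IPEnableRouter = 1 enables IPv4 routing at boot.
$tcpip  = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$router = (Get-ItemProperty -Path $tcpip -Name IPEnableRouter `
           -ErrorAction SilentlyContinue).IPEnableRouter

# 2. Per-interface forwarding state (IPv4 and IPv6) from the NetTCPIP module.
$forwarding = @(Get-NetIPInterface |
    Where-Object { $_.Forwarding -eq 'Enabled' } |
    Select-Object ifIndex, InterfaceAlias, AddressFamily, Forwarding)

# 3. Routing and Remote Access turns forwarding on while it is running.
$rras = Get-Service -Name RemoteAccess -ErrorAction SilentlyContinue

[pscustomobject]@{
    IPEnableRouter       = if ($null -eq $router) { 'not set' } else { $router }
    RemoteAccessService  = if ($rras) { $rras.Status } else { 'not installed' }
    ForwardingInterfaces = $forwarding.Count
} | Format-List

if ($forwarding.Count -gt 0) {
    Write-Warning 'Forwarding is enabled on these interfaces; mirrored packets may be re-routed:'
    $forwarding | Format-Table -AutoSize
}

# Optional remediation: stop the capture NIC from routing mirrored traffic.
if ($DisableOnCapture) {
    Set-NetIPInterface -InterfaceAlias $CaptureAlias -Forwarding Disabled
    Get-NetIPInterface -InterfaceAlias $CaptureAlias |
        Select-Object InterfaceAlias, AddressFamily, Forwarding |
        Format-Table -AutoSize
}
```

If `IPEnableRouter` is 1, setting it back to 0 only takes effect after a reboot, so re-run the audit afterwards to confirm that no interface still reports `Forwarding : Enabled`.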