Hello, Currently I am using Wireshark 1.10.2 (Win 7-64bit) and I am sending udp traffic to another device through Ethernet port. Other tools like Microsoft Network Monitor (I need Wireshark for some of its packet checking features) work find, but as soon as I start Wireshark listening, it drops outgoing packets. I can see outgoing packets in Wireshark, but they are not send to the end device anymore! How can I solve this issue? Thanks :-) asked 25 Sep '13, 02:31  Persisky edited 25 Sep '13, 06:49 showing 5 of 11 show 6 more comments |
This is a static archive of our old Q&A Site.
Please post any new questions and answers at ask.wireshark.org.
I don't think this caused by Wireshark, at least I have not seen this happen anywhere so far. Wireshark is pretty passive, so there is no way how it could/would drop packets.
how do you know that?
BTW: Can you please add more information about your setup? Client, Server, end device, etc.
Also, Wireshark relies on WinPcap to do the actual capturing on the Windows platform. Which version of WinPcap are you using? You could also try testing with WinDump to see if you get the same results as with Wireshark.
I am sending UDP packets using C# to a client which is a FPGA development board. Ip address of my PC is 10.0.0.1 (mask 255.255.255.0) and I send packets through port 11000 to FPGA board which has Ip address of 10.0.0.2 .
Without using Wireshark Packets easily reach to FPGA. I have packet counter and other monitoring tools that show this. I need to consider the FPGA response to incoming packets so I have to use a Netowrk Monitoring tool like Wireshark; however, as soon as the capturing mode of Wireshark starts I am not able to send packet to FPGA. Packets are shown as outgoing packets but they do not reach to Ethernet port anymore. I used Microsoft Network Monitor tool and it works fine. It shows the outgoing stream and does not have any affect on that, so I can send and receive udp packets without any problem. Unfortunately the Microsoft tool does not have some features of packet checking like Wireshark, so I would be glad to find out about Wireshark issue.
Thanks :-)
did you try another version of Wireshark (1.8.x) and WinPcap?
You never answered the question about which version of WinPcap you are using.
Also, the whole point of using WinDump is to try to determine if this is a Wireshark-specific problem or if it's common to other applications that also use WinPcap, such as WinDump.
I do not know how, but I did not notice that question before!
To make sure that there is no issue with my current installation of WinPcap, I re-installed the version which was offered by Wireshark 1.10 installer which I think is 4.1.3.
I will use WinDump and Wireshark(1.8.x) and report results.
It seems that the issue is from Winpcap! Even in WindDump outgoing UDP packets are dropped as soon as I start listening! As I mentioned they are shown in WinDump and WireShark, but they are not sent to Ethernet port anymore! Also Microsoft Network Monitor works fine and does not drop packets. Any solution?
what type of interface is it?
Can you show a sample capture file (on google drive/docs, dropbox or cloudshark)?
It is a Gigabit Ethernet Interface.
Here you can see one of UDP packets captured in WireShark:
I was thinking about a real capture file, to check if there is anything in the frames that could explain the behavior, although I don’t think it’s the data, but you’ll never know until you check.
BTW: Did you try to disable the windows firewall or any other security software on the sending PC, like these tools: AV, IDS, VPN client, Endpoint Security, Personal Firewalls, etc.
Have you read the WinPcap FAQ page for possible known problems, perhaps Q21 or Q22? If none of these fit your situation, then I’d suggest contacting the WinPcap developers.