This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Packets ignored unless also captured by Wireshark

0

Is it possible for Wireshark to alleviate some sort of network effect that prevented packets from being received?

I installed Wireshark to investigate a problem with packets not being received by an application I am developing, only to discover that packets are all received correctly while Wireshark is capturing on that interface. If I stop capturing in Wireshark, the packets stop being received by my application.

If it helps, these are UDP packets sent to and received from a multicast address. In my current setup, my application is the only one broadcasting or listening to that address. I am running a Broadcom NetXtreme 57xx Gigabit Controller network adapter.

Anyone have any ideas?

asked 18 Apr '11, 08:55

Steve's gravatar image

Steve
1111
accept rate: 0%

edited 18 Apr '11, 09:47

Bill%20Meier's gravatar image

Bill Meier ♦♦
3.2k1850


One Answer:

2

Sounds like an issue wherein the interface hardware is not being set to accept frames addressed to the multicast address when you run your application.

When Wireshark runs it sets the NIC to "promiscous" so all frames are accepted.

I don't remember all the details about how this works, but ISTR it has something to do do with how the socket is opened.

[Update] A quick Google search finds the following: IP Multicast tutorial

answered 18 Apr '11, 09:02

Bill%20Meier's gravatar image

Bill Meier ♦♦
3.2k1850
accept rate: 17%

edited 18 Apr '11, 09:14