Hi, I have an unusual issue on one of our servers. The server (Windows 2008 R2) is running Digital Radio Software that logs everything that occurs on the Digital Radio Network. It appears that the packets are randomly dropped at random times - which leads to conversations being lost and other stats/incidents. For some strange reason when Wireshark is opened on this server, the packet loss ceases and everything runs fine. I am at a loss as to why this would happen? I was under the impression that Wireshark doesn't open any ports and only listened to the traffic that came through the NIC? If someone may be able to shed some light on this that would be appreciated. Thanks asked 31 Aug '15, 16:50  began |
One Answer:
Wireshark doesn't open any ports (except when checking for an update). My guess is that you have some layer 2 trouble where the radio packets are sent to the wrong MAC address at the random times you mention. Since Wireshark puts the interface into promiscuous mode it'll accept now packets that do not have the MAC of the interface. That way the packets with the wrong MAC are accepted, and there is no "loss". You need to investigate your MAC addresses. My guess is that they change sometimes for whatever reason, so that when Wireshark is not running the connection is lost. Find out when that happens and what the changed MAC is/where it belongs, and you should be able to find the cause. answered 31 Aug '15, 17:12  Jasper ♦♦ |
Try capturing in Wireshark without turning promiscuous mode on. If you see the packet drops when Wireshark is running without turning promiscuous mode on, then it's probably as Jasper described.