This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Can’t monitor passive tap

0

Windows 10 laptop with current version of Wireshark allows me to monitor passive tap traffic on built-in port but not USB network adapter. I can monitor traffic on USB network adapter only when that adapter is getting normal network traffic, so not from the passive tap.

I have tried Win10pcap as well as WinPCap, I have tried various settings.

When I'm using the Windows network connections control panel (even with Wireshark not running), I see the built-in network interface (connected to one of the passive taps) alternating in status from Enabled to Network Connection Unplugged, etc., and Wireshark shows activity on that interface. But the USB network adapter just sits at the "Network Connection Unplugged" status. From that, I infer that the problem is before Wireshark.

Note that I've used multiple USB network adapters with the same result, and that all of them work fine for connecting to a normal network, just not for a passive tap.

asked 11 Jul '16, 08:42

wnstrickland's gravatar image

wnstrickland
6113
accept rate: 0%

edited 11 Jul '16, 09:05


One Answer:

0

I would assume that the "passive tap" is so much passive that it only feeds the Rx direction of the port, so if the network card (regardless whether it is connected to the system bus or using USB) is configured for speed and duplex negotiation, it cannot get past the negotiation phase because no negotiation phase ever happens.

So you'll have to dive into the network card settings and try to set a fixed speed of the card (of course one matching the speed of the monitored connection) and disable negotiation. This is vendor specific so it may not be possible in your case. Plus some vendors support a single setting (auto-negotiation or a choice of a fixed speed/duplex combination which disables negotiation) and some control negotiation and speed/duplex settings separately (meaning that if you set fixed speed and duplex values, they still can be indicated to the connected equipment using the negotiation process, except that no others will be suggested/accepted).

My Win10 are not in English so I cannot give you the exact path names, but you'd start by opening the "Network connections and sharing center", choose "change adaptor settings" at the left of it, right-click on the adaptor in question in the list and choose "properties", and click the "configure" button at the upper right corner of the window that opens. This opens another window, and your luck is waiting at the leftmost but one tab. There is a list of various settings and one or two of these may do what you need.

answered 12 Jul '16, 11:50

sindy's gravatar image

sindy
6.0k4851
accept rate: 24%

edited 12 Jul '16, 12:04

I can find that. Thanks for the suggestion, sindy -- I'll give it a try.
There are so many settings I couldn't try every possibility!

(13 Jul '16, 12:50) wnstrickland