This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Why does Wireshark cause my network to collapse?

0

I have a local network that I am trying to capture traffic on. Every time I start Wireshark and point it at that network, all the devices loose connection to each other. As soon as I stop Wireshark the problem goes away.

asked 01 Mar '17, 12:08

pabeader's gravatar image

pabeader
6112
accept rate: 0%

What type of network? Ethernet? Wi-Fi? Other?

(02 Mar '17, 13:38) Guy Harris ♦♦

Wired Ethernet. 192.168. network with 8 different devices all talking to each other. The effect is almost immediate.

(03 Mar '17, 04:40) pabeader

So does that network use a switch or a non-switching hub? Are you running Wireshark on one of those 8 devices, or on a separate device you've plugged into the network?

(03 Mar '17, 12:02) Guy Harris ♦♦

There are multiple switches all ganged together. I am plugging into an available port on one of them. Wireshark on my laptop.

(03 Mar '17, 13:26) pabeader

Does this happen only when Wireshark is capturing in promiscuous mode, or does it even happen when you try capturing with promiscuous mode turned off?

What operating system is your laptop running?

(03 Mar '17, 13:36) Guy Harris ♦♦

Promiscuous on or off.

It has stopped killing the network. Now I can't see the traffic I used to. I'm trying to capture tcp traffic for port:2001 Now I don't see any of this traffic at all. It seems that every time I start Wireshark it seems to act differently. Is there a different program that is simpler?

(07 Mar '17, 08:47) pabeader

Is there a different program

A number of other packet capture programs/tools exist. You can peruse the Tools page for some possibilities, or just perform an online search and I'm sure you'll discover some.

(07 Mar '17, 10:31) cmaynard ♦♦

Go ahead and close this thread. I gave up and quit trying to figure out the issue.

(21 Mar '17, 04:55) pabeader
showing 5 of 8 show 3 more comments

One Answer:

0

Where are you writing the captured WireShark files to?

If you're saving the capture on the local machine where WireShark is located you shouldn't experience this problem.

But if you're attempting to write the packets to a shared server drive remotely, that will cause a massive influx of traffic which might overload your network.

Cheers,

answered 20 Mar '17, 23:52

wbenton's gravatar image

wbenton
29227
accept rate: 0%