This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

UDP multicast, Windows 7 firewall, Labview

0

I am sending UDP packets to a multicast address (224.1.1.1) on an unused port (60000) from an embedded board hooked into my network.

When I run a Wireshark capture on my PC, I can see the UDP packets. Everything appears correct (including checksums). I developed a Labview script to read the incoming UDP packets. However, it does not see the packets (i.e., times out when it tries to read the IP/port). My system is Windows 7, and the OS firewall is enabled. I have verified that Labview has firewall "privileges," but I have made no special provisions for the port in question (i.e., 60000).

Here's the interesting part: whenever I have a live capture going with Wireshark, the Labview script starts working (i.e., it sees the packets -- and agrees that they are formed correctly). It is very reliable and repeatable -- i.e., run the the Labview script. As I start and stop the Wireshark capture, the script can see and not see the packets, respectively.

Is Wireshark somehow letting packets through that would otherwise be blocked while in the act of sniffing?

asked 04 Oct '11, 09:56

hobbss's gravatar image

hobbss
1111
accept rate: 0%


One Answer:

2

You are probably running Wireshark with the "Capture packets in promiscuous mode" option selected which will cause the NIC to "accept" all packets. I think your Labview script isn't following the rules for a windows multicast receiver. See this MDSN link for more details

answered 04 Oct '11, 10:18

grahamb's gravatar image

grahamb ♦
19.8k330206
accept rate: 22%

Thank you for the response. Are you saying that the NIC is ignoring the packets when Wireshark is not running, but accepting them (and making them available to all processes on the PC) when Wireshark is running? This would make sense except for the fact that the UDP script in Labview was provided by National Instruments (example program). I expect them to make sure it works properly. Interestingly, if I run a UDP tx labview program on another PC with the same port number and multicast ip, the Rx works, whether or not Wireshark is running.

(04 Oct '11, 10:50) hobbss

As Graham pointed out, there are rules which must be followed when trying to receive multicasts. One step which must be done in the program: tell the OS that you want to receive multicasts on a particular multicast address.

If this isn't done your program may or may not work depending upon whether the NIC is running in promiscuous mode or whether some other program is already listening to that address.

Please read the link referenced for info.

Are you on Windows ?

Or: Is there some firewall issue ? Does the other PC have the same firewall setup ?

(04 Oct '11, 11:05) Bill Meier ♦♦