This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Capturing on GigE Headend Network

0

I am trying to capture the video interface on an Arris ad server. Using Wireshark I CAN see pings and I CAN see FTP frames from it and i can capture that data on wireshark. When it sends a video file I can NOT see the UDP frames that are known to be coming from it because it is airing an ad to a splicer. I have NO filters on. How can it be that I CAN see data coming from that port BUT I can not see the MPEG coming out in UDP frames?

asked 04 Oct '11, 13:18

scottjthomas's gravatar image

scottjthomas
1111
accept rate: 0%

In this case I am connected to a small gige switch right at the Arris output, I am right across the device that is sending the video packets.

(04 Oct '11, 13:21) scottjthomas

Adding the text from the second question you raised for this issue:

I am trying to capture IP packets to/from two ports. One port is a splicer on the other side of a 7609 switch and the other port is a small netgear gige switch and to that a PC and an Arris ad server are connected. I am trying to capture communciation between the ad server and splicer using the PC on the switch.

(04 Oct '11, 13:53) SYN-bit ♦♦

The Arris IS known to be sending control messages to the splicers but I can NOT see any messages go back and forth between the splicer and ad server. I CAN ping the splicer port and SEE the pings BOTH ways on the PC running wireshark. I CAN also SEE pings to and from the Arris ad server. However the PC never sees ANY of the actual control messages that are being sent between the two devices. I am using NO filters and it is in promicuous mode.

What kinds of data can Wireshark NOT capture?

(04 Oct '11, 13:53) SYN-bit ♦♦

One Answer:

0

The NetGear is a switch, so it will not forward traffic to your Wireshark PC unless you can configure it to do port-mirroring.

Have a look at http://wiki.wireshark.org/CaptureSetup/Ethernet for more info on how your capture setup influences what you can and can not see in Wireshark.

answered 04 Oct '11, 13:55

SYN-bit's gravatar image

SYN-bit ♦♦
17.1k957245
accept rate: 20%

It is one of those dumb switches..is that bad? It doesn't have any configuration.

(04 Oct '11, 14:02) scottjthomas

Also I CAN see PINGS and FTP FROM the ad server through the small switch. Is there some reason WHY the UDP frames would be the ONLY thing that I can NOT see?

(04 Oct '11, 14:09) scottjthomas

Do you mean you DO see ping and ftp packets between the "ad server" and the "splicer" on the Wireshark PC, but you DON'T see the udp packets between the "ad server" and the "splicer"? If so, that is indeed strange. However, that is not due to Wireshark not being able to show you the udp traffic.

If you DO see ping and ftp packets between the Wireshark PC and the "ad server" (or the "splicer"), then this is indeed normal, please carefully read the link I provided earlier as it explains this in more detail.

(04 Oct '11, 15:24) SYN-bit ♦♦