Wireshark mailing list archives

Re: How to easily identify multiple interfaces in wireshark...


From: "andre.noel () bell ca" <andre.noel () bell ca>
Date: Wed, 17 Oct 2012 08:35:52 -0400

When using dumpcap.exe -D I get:

C:\Program Files\Wireshark>dumpcap.exe -D
1. \Device\NPF_{6EBFBFD2-1844-4BB7-BED0-95BA2FCCD536} (HP NC364T PCIe Quad Port Gigabit Server Adapter)
2. \Device\NPF_{9FAA73F9-B079-4B95-851B-537B0CACB0CA} (HP NC364T PCIe Quad Port Gigabit Server Adapter)
3. \Device\NPF_{FCDBB016-3861-4395-BE8E-6A1B2AB48433} (HP NC364T PCIe Quad Port Gigabit Server Adapter)
4. \Device\NPF_{EBFD52C7-3B16-4A0A-85A2-18F4C57474CA} (HP NC364T PCIe Quad Port Gigabit Server Adapter)
5. \Device\NPF_{95FD9084-714A-41F5-954A-72927551DF65} (HP NC364T PCIe Quad Port Gigabit Server Adapter)
6. \Device\NPF_{D663C963-B384-4502-B441-F04402F3BFA1} (HP NC364T PCIe Quad Port Gigabit Server Adapter)
7. \Device\NPF_{691FC7B1-7F40-478E-930A-50BC2A133097} (Broadcom L2 NDIS client driver)
8. \Device\NPF_{03854B4D-A439-4D1E-B0E8-5335C631C60B} (HP NC364T PCIe Quad Port Gigabit Server Adapter)
9. \Device\NPF_{B9136CF4-2CA1-4295-8A52-047C8BD497FD} (HP NC364T PCIe Quad Port Gigabit Server Adapter)
10. \Device\NPF_{B49753BC-C5B3-484E-A67F-657CEC0B765E} (HP NC364T PCIe Quad Port Gigabit Server Adapter)
11. \Device\NPF_{71239DC0-702E-4908-A069-BF8002A911A5} (HP NC364T PCIe Quad Port Gigabit Server Adapter)

C:\Program Files\Wireshark>

I think if Wireshark could provide the NetConnectionID like when using wmic that would be good.

See what I get when using the wmic command (3rd column is what I need):

wmic:root\cli>nic get index,name,NetConnectionID
Index  Name                                                                                        NetConnectionID
1      RAS Async Adapter
2      WAN Miniport (L2TP)
3      WAN Miniport (PPTP)
4      WAN Miniport (PPPOE)
5      Direct Parallel
6      WAN Miniport (IP)
7      HP NC364T PCIe Quad Port Gigabit Server Adapter    QEBVZA-COR_Eth_9-37
8      HP NC364T PCIe Quad Port Gigabit Server Adapter    QEBVZB-COR_Eth_9-37
9      HP NC364T PCIe Quad Port Gigabit Server Adapter    QEBNS2 Port A2
10     HP NC364T PCIe Quad Port Gigabit Server Adapter    QEBNS2 Port B2
11     HP NC364T PCIe Quad Port Gigabit Server Adapter    Free NC364T Adapter #5
12     HP NC364T PCIe Quad Port Gigabit Server Adapter    Free NC364T Adapter #6
13     HP NC364T PCIe Quad Port Gigabit Server Adapter    QEBVZA-SVR_Eth_114-1-4
14     HP NC364T PCIe Quad Port Gigabit Server Adapter    QEBVZB-SVR_Eth_114-1-4
15     HP NC364T PCIe Quad Port Gigabit Server Adapter    QEBNS1 Port A2
16     HP NC364T PCIe Quad Port Gigabit Server Adapter    QEBNS1 Port B2
17     HP NC364T PCIe Quad Port Gigabit Server Adapter    QEBV1B_GIG_4-45_DMZ
18     HP NC364T PCIe Quad Port Gigabit Server Adapter    QEBV1A_GIG_4-45_DMZ
19     HP NC382i DP Multifunction Gigabit Server Adapter  Free NC382i Adapter
20     HP NC382i DP Multifunction Gigabit Server Adapter  Free NC382i Adapter #2
21     HP NC382i DP Multifunction Gigabit Server Adapter  Telemetry_QEBVZA-SVR_Eth_114-1-42
22     HP NC382i DP Multifunction Gigabit Server Adapter  Free NC382i Adapter #4

wmic:root\cli>


Regards

On 10/16/2012 9:19 AM, andre.noel () bell ca wrote:
Hello,

I'm used to giving a more precise description of my connection in the Wireshark interface Properties, in the comment field,
so it's easy to select the interface facing the switch I want to capture.

The problem I have is that on one of my HP machines I have 8 interfaces and it's hard to tell which is which from inside
Wireshark, because the identification like "\Device\NPF_{C4F............}" is not shown in the Windows interface list and the
description field is all the same:

HP NC364T PCIe Quad Port Gigabit Server Adapter
HP NC364T PCIe Quad Port Gigabit Server Adapter
...

As opposed to Windows, which lists them as, for example:

HP NC364T PCIe Quad Port Gigabit Server Adapter #3
HP NC364T PCIe Quad Port Gigabit Server Adapter #4
...

Any idea of what I can do to easily do a match? (Now I put all the connections in "shutdown" state in the Cisco
switches and re-enable them one at a time to see them reappear in Wireshark, but it's a bit cumbersome...)
Which text output (following the value that appears in the registry) is dumpcap.exe -D providing you with?


regards.

Andre Noel




___________________________________________________________________________

Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>

Archives:    http://www.wireshark.org/lists/wireshark-users

Unsubscribe: https://wireshark.org/mailman/options/wireshark-users

             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
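
One way to do the match asked about in this message, as an added example that is not part of the original post or of Wireshark: join the GUID embedded in each `\Device\NPF_{...}` name from `dumpcap -D` with the `GUID` and `NetConnectionID` properties of `Win32_NetworkAdapter`. It assumes a Windows version where `wmic nic get GUID,Name,NetConnectionID /format:csv` returns the GUID property and that the NPF device GUID equals the adapter GUID; the sample outputs, GUIDs and connection names below are constructed.

```python
import csv
import io
import re

# Constructed sample of `dumpcap -D` output (GUIDs are made up, not the post's).
DUMPCAP_D = r"""
1. \Device\NPF_{11111111-AAAA-4BBB-8CCC-000000000001} (HP NC364T PCIe Quad Port Gigabit Server Adapter)
2. \Device\NPF_{11111111-AAAA-4BBB-8CCC-000000000002} (HP NC364T PCIe Quad Port Gigabit Server Adapter)
3. \Device\NPF_{11111111-AAAA-4BBB-8CCC-000000000003} (Broadcom L2 NDIS client driver)
"""

# Constructed sample of `wmic nic get GUID,Name,NetConnectionID /format:csv`.
# Adapters without a connection (WAN miniports etc.) have empty columns.
WMIC_CSV = """
Node,GUID,Name,NetConnectionID
HOST1,,WAN Miniport (IP),
HOST1,{11111111-aaaa-4bbb-8ccc-000000000001},HP NC364T PCIe Quad Port Gigabit Server Adapter,Uplink-A
HOST1,{11111111-AAAA-4BBB-8CCC-000000000002},HP NC364T PCIe Quad Port Gigabit Server Adapter,DMZ-B
"""

NPF_LINE = re.compile(
    r"^(\d+)\.\s+\\Device\\NPF_(\{[0-9A-Fa-f-]{36}\})(?:\s+\((.*)\))?\s*$")


def guid_to_connection(wmic_csv):
    """Map upper-cased adapter GUID -> NetConnectionID, skipping blanks."""
    rows = csv.DictReader(io.StringIO(wmic_csv.strip()))
    return {r["GUID"].upper(): r["NetConnectionID"]
            for r in rows if r.get("GUID") and r.get("NetConnectionID")}


def label_interfaces(dumpcap_text, wmic_csv):
    """Return (dumpcap index, NetConnectionID or None, description) tuples."""
    names = guid_to_connection(wmic_csv)
    labelled = []
    for line in dumpcap_text.splitlines():
        m = NPF_LINE.match(line.strip())
        if not m:
            continue  # banner, blank line, or a non-NPF device
        guid = m.group(2).upper()  # GUID case can differ between the tools
        labelled.append((int(m.group(1)), names.get(guid), m.group(3) or ""))
    return labelled


if __name__ == "__main__":
    for idx, conn, desc in label_interfaces(DUMPCAP_D, WMIC_CSV):
        print(f"{idx:>2}  {conn or '<no NetConnectionID>':<24} {desc}")
```

The index in the first column is the number `dumpcap -i` accepts, so the labelled list can be used directly to pick the capture interface.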
