Re: config problem - not seeing all messages

[Graham Bloice <graham.bloice () trihedral com>]

I've used the cheap switches that mirror from Netgear, the current model is
the GS305e <https://www.netgear.com/business/wired/switches/plus/gs305e/>,
which I haven't actually used, or if you can get it, the older model the
GS105e which I've used a lot.  Make sure you get the "e" versions as they
make slightly cheaper unmanaged versions that won't mirror ports.  They
also have 8 port versions, but I prefer the smaller one to go into my
"Wireshark" bag of bits.

On Thu, 13 May 2021 at 01:54, Kurt Buff <kurt.buff () gmail com> wrote:

> Others have mentioned switches or hubs for gathering the packets.
>
> Network Taps are another alternative, and many are available used (ebay)
> for relatively small prices.
>
> https://www.ebay.com/sch/i.html?_from=R40&_trksid=p2499334.m570.l1313&_nkw=network+tap&_sacat=58058
>
> Kurt
>
> On Wed, May 12, 2021 at 4:12 PM Ron W <ronw.mrmx () gmail com> wrote:
>
> > I am trying to use WireShark to diagnose a network problem between a
> > Windows PC and a Linux-based controller (for a robot).
> >
> > The controller uses uboot and TFTP to download the Linux image from the
> > PC. Using the controller's serial port, I can see the messages output by
> > uboot and by Linux. The messages as as expected and the controller appears
> > to work correctly except after downloading Linus via TFTP, the PC
> > application is not able to communicate with the controller via TCP/IP.
> >
> > So, I connected an Ethernet switch between the PC and the controller and
> > also connected a laptop to the switch so I can monitor with WireShark.
> >
> > What I see in WireShark's capture log (see attached screen picture) would
> > have made sense, but the log is not showing the TFTP messages. So, to make
> > sure TFTP was actually working, I interrupted uboot before it started
> > downloading Linux. I then entered commands to have uboot download various
> > test files I created and inspect what was downloaded to make sure the
> > expected content was in the controller. As I did this, I continued to
> > monitor with WireShark. Still I did not see anything after the initial ARP
> > request from the controller, asking for the MAC corresponding to the IP
> > address of the PC. i did not even see an ARP reply from the PC.
> >
> > Since I'm not seeing the TFTP messages, nor the PC's ARP response, I have
> > to assume I configured WireShark incorrectly. Looking at my capture
> > selection and capture options (see attached screen pictures), I can't find
> > anything to explain not seeing the TFTP messages in the capture log.
> >
> > I even tried a fresh install of WireShark on another laptop that had
> > never had Wireshark on it. Same result: No TFTP message in the capture log.
> >
> > I have used WireShark successfully in the past. As best I can remember, I
> > setup WireShark the same as I have in the past.
> >
> > Still, I must be doing something wrong. Any advise on what I need to fix
> > in my WireShark settings?
> >
> > Thanks in advance

-- 
Graham Bloice

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe