Wireshark debugging of packets not destined for the PC

Go To Last Post
8 posts / 0 new
Author
Message
#1
  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

How to debug packets not destined for the PC using wireshark?. i.e. DHCP, SNTP protocols...

 

Because the packets from the micro go directly to the router they dont show at the PC running wireshark.

 

Is it possible to still get hubs somewhere?

 

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 1

There are switches and routers with port mirroring capability. Try and get one of those.

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

I purchased an old 10Mb 4 port hub on ebay awhile back just for that purpose.

the speed was not important as all interfaces will auto adjust to the slow speed.

See what you can find, mine was a netgear EN104tp.

 

Jim

 

Edit: link

https://www.ebay.com/sch/i.html?...

Yes lots of hubs still available!

Click Link: Get Free Stock: Retire early! PM for strategy

share.robinhood.com/jamesc3274
get $5 free gold/silver https://www.onegold.com/join/713...

 

 

 

 

Last Edited: Wed. Dec 26, 2018 - 09:58 PM
  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

In the good old and simple days of 10MBit Ethernet there was a thing called a hub... Oh, you know.

I saved an old hub especially for this purpose, but I never used it an even may have cleared the closed years ago.

 

I also have 2 old Edimax switches. These were popular in the hacker world because they could be easily flashed to run alternative open source firmware, which opens the door to any functionality that the hardware is capable of.

 

In the world of Ethernet there is also a "promiscuous mode" and if your switch or router supports it it can copy all data that reaches the switch to the port in promiscuous mode.

I think this is a fairly common capability of switches / routers. Look in Wireshark for an option to enable it, but I assume this is default for Wireshark and it would have done this if your hardware supports it.

It is also possible you have to change a setting in your router to permit promiscuous mode.

 

There is also a thing called a "managed switch" and they can be pretty expensive ( >EUR300 to easily > EUR1000) And that is enough reason for me to not have one or be interested in their capabilities but I assume they are worth their money because of extra capabilities.

 

Alternatively, you can go the hacky way.

Add a bit of hardware to your microcontroller. Find a convenient way to tap into the signals, and send the Rx and Tx pairs to two Rx pairs of a separate switch or extra ethernet cards in your PC.

 

This can also be done in software.

If you have a PC with 2 Ethernet cards you can use it as the man in the middle.

Just set up the software to connect those two cards together and make a private copy for Wireshark.

Doing magic with a USD 7 Logic Analyser: https://www.avrfreaks.net/comment/2421756#comment-2421756

Bunch of old projects with AVR's: http://www.hoevendesign.com

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

if you cannot find a hub anymore, maybe this would help

http://www.zen22142.zen.co.uk/Ci...

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

If you want to experiment with circuits such as plouf mentioned in #5 then also reset / power cycle your routers etc.

Routers apparently do some impedance measuring and matching to determine the optimum signal drive strength for connections.

At least that is what MikesElecticStuff said in one of his latest Vlogs when dealing with Ethernet.

Doing magic with a USD 7 Logic Analyser: https://www.avrfreaks.net/comment/2421756#comment-2421756

Bunch of old projects with AVR's: http://www.hoevendesign.com

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

Thanks, some interesting ideas! Port mirroring is exactly what I'm after

 

 

 

 

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

This is what we use:

 

https://www.beckhoff.de/default....