Wireshark · Wireshark-users: Re: [Wireshark-users] IPv6 Interface

Wireshark-users: Re: [Wireshark-users] IPv6 Interface
From: "Michael Margulies" <mmargulies@xxxxxxxx>
Date: Wed, 11 Mar 2009 09:10:56 -0700
>When I run IPv6, I leave IPv4 enabled also because I still get my IP
>address from the IPv4 dhcp server. After installing
WinPcap_4_1_beta5.exe >and wireshark-win32-1.1.2.exe then I have no
problems packet capturing >everything then filtering on IPv6. I have not
experimented with an IPv6 >type of capture filter yet.

>I hope this helps,
>Brian

That's it! The key to having the link-local ip address of your ipv6 if
show up in the capture interface dialog box is to use Wireshark 1.1.2 on
top of WinPcap 4.1beta5. I was able to determine though that with the
latest stable releases of Wireshark and WinPcap, you still can capture
IPv6 packets even though the IPv6 IF details (i.e. ip address) where not
showing up in the capture interface dialog box.

Something else that was causing grief and confusion was Microsoft's
default of automatic tunneling.

Thanks for the help everyone. Moving on....

Mike M

-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of
wireshark-users-request@xxxxxxxxxxxxx
Sent: Tuesday, March 10, 2009 7:47 AM
To: wireshark-users@xxxxxxxxxxxxx
Subject: Wireshark-users Digest, Vol 34, Issue 26

Send Wireshark-users mailing list submissions to
	wireshark-users@xxxxxxxxxxxxx

To subscribe or unsubscribe via the World Wide Web, visit
	https://wireshark.org/mailman/listinfo/wireshark-users
or, via email, send a message with subject or body 'help' to
	wireshark-users-request@xxxxxxxxxxxxx

You can reach the person managing the list at
	wireshark-users-owner@xxxxxxxxxxxxx

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Wireshark-users digest..."


Today's Topics:

   1. Re: Timing questions (Bond, Peter)
   2. Re: Slow gigabit network (Bond, Peter)
   3. Re: Slow gigabit network (EDWARD HILL)
   4. Re: IPv6 Interface (Brian Daniel)


----------------------------------------------------------------------

Message: 1
Date: Tue, 10 Mar 2009 10:08:36 -0000
From: "Bond, Peter" <PBond@xxxxxxxxxxxxxx>
Subject: Re: [Wireshark-users] Timing questions
To: "Community support list for Wireshark"
	<wireshark-users@xxxxxxxxxxxxx>
Message-ID:
	
<EED026015238BA4D8383E6F2C17B9DA901B31472@ttvuk_exch1.TANDBERGTV.COM>
Content-Type: text/plain; charset="us-ascii"

Any takers?  I figured this was more user-level than dev...

 

TIA

 

Peter

 

________________________________

From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Bond, Peter
Sent: 27 February 2009 16:17
To: Community support list for Wireshark
Subject: [Wireshark-users] Timing questions

 

Hi all -

 

We're seeing some slightly strange behaviours out of Wireshark in
certain situations; the system in question has both a Realtek network
card & a DekTec card.

 

1.	Capturing under Windows on either card, there are negative
(absolute, not relative) timestamps crop up periodically throughout the
trace.  Reading around, there seemed to be an incompatibility between an
older version of WinPcap and a newer version of Wireshark; this does not
appear to be the problem here (bundled install).  Running a Linux
version (from a LiveCD), the problem disappears with the Realtek card; I
have not yet built a LiveCD with the DekTec drivers to be able to test
that case.  I've seen some suggestions that the packet forwarding to the
WinPcap driver under Windows are a little indeterminate, is this the
likely culprit?

 

2.	The packets being transmitted have a defined period between them
(about 1ms), yet at the start of every capture, the delta is in the
order of 1us instead.  My best guess is that the Realtek card buffer is
being flushed to the pcap driver initially...?  Since the interface is
in promiscuous mode before the capture starts, I'm not sure that the
assumption is valid.

 

My suspicion is that for absolute timing tests of this nature, we really
ought to be using a lower-level network analyser to keep the vagaries of
the OS out of the way.  

 

All comments gratefully received.

 

Peter Bond

 

**********************************************************************

This communication is confidential and intended solely for the 
addressee(s). Any unauthorized review, use, disclosure or distribution
is prohibited. If you believe this message has been sent to you in 
error, please notify the sender by replying to this transmission and 
delete the message without disclosing it. Thank you.

E-mail including attachments is susceptible to data corruption, 
interception, unauthorized amendment, tampering and viruses, and we 
only send and receive e-mails on the basis that we are not liable for 
any such corruption, interception, amendment, tampering or viruses or 
any consequences thereof.

This email, its content and any attachments is PRIVATE AND 
CONFIDENTIAL to TANDBERG Television, Part of the Ericsson Group. 

www.tandbergtv.com
**********************************************************************
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://www.wireshark.org/lists/wireshark-users/attachments/20090310/ac53
d6da/attachment.html 

------------------------------

Message: 2
Date: Tue, 10 Mar 2009 10:13:19 -0000
From: "Bond, Peter" <PBond@xxxxxxxxxxxxxx>
Subject: Re: [Wireshark-users] Slow gigabit network
To: "Community support list for Wireshark"
	<wireshark-users@xxxxxxxxxxxxx>
Message-ID:
	
<EED026015238BA4D8383E6F2C17B9DA901B31473@ttvuk_exch1.TANDBERGTV.COM>
Content-Type: text/plain; charset="us-ascii"

> Hansang Bae wrote

> How can the NIC test the quality of the cable?

TDR?  I know several of my NICs tout that functionality, never had cause
to try it though.
http://www.commsdesign.com/design_corner/showArticle.jhtml?articleID=165
05651

Peter
**********************************************************************

This communication is confidential and intended solely for the 
addressee(s). Any unauthorized review, use, disclosure or distribution
is prohibited. If you believe this message has been sent to you in 
error, please notify the sender by replying to this transmission and 
delete the message without disclosing it. Thank you.

E-mail including attachments is susceptible to data corruption, 
interception, unauthorized amendment, tampering and viruses, and we 
only send and receive e-mails on the basis that we are not liable for 
any such corruption, interception, amendment, tampering or viruses or 
any consequences thereof.

This email, its content and any attachments is PRIVATE AND 
CONFIDENTIAL to TANDBERG Television, Part of the Ericsson Group. 

www.tandbergtv.com
**********************************************************************


------------------------------

Message: 3
Date: Tue, 10 Mar 2009 10:00:09 -0400
From: "EDWARD HILL" <EHill@xxxxxxxxx>
Subject: Re: [Wireshark-users] Slow gigabit network
To: "Scott Chapman" <WireShark@xxxxxxxxxxxxxxxxx>,	"Community
support
	list for Wireshark" <wireshark-users@xxxxxxxxxxxxx>
Message-ID:
	
<6910002A52F85D46AF3E35ED5B254FE1064B5DE0@xxxxxxxxxxxxxxxxxxxxxxx.arrow.
com>
	
Content-Type: text/plain; charset="us-ascii"

Since the switch is not a managed switch, set your server nic to auto.
If that does not work drop the nic to 100/full and see what you get. If
the throughput is higher at the 100/full it will be either a driver on
the server side or the switch. I recommend getting a managed switch.
when your running gig you want to be able to see both sides.
 
Ed

________________________________

From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Scott
Chapman
Sent: Saturday, March 07, 2009 1:12 PM
To: netztier@xxxxxxxxxx
Cc: Community support list for Wireshark
Subject: Re: [Wireshark-users] Slow gigabit network


Actually I know the cables are OK because I have used the intel drivers
to validate the cables. All indications (lights on cards, and switch),
along with diagnostics in the drivers, all indicate gigabit full duplex

I am not using a managed switch, so I can't get any info from it.

I have also used iPerf which shows me similar results.

-Scott


----- Original Message -----
From: "Marc Luethi" <netztier@xxxxxxxxxx>
To: "Community support list for Wireshark"
<wireshark-users@xxxxxxxxxxxxx>
Cc: "Scott Chapman" <WireShark@xxxxxxxxxxxxxxxxx>
Sent: Saturday, March 7, 2009 4:14:13 AM GMT -05:00 US/Canada Eastern
Subject: Re: [Wireshark-users] Slow gigabit network

On Fri, 2009-03-06 at 21:29 -0500, Scott Chapman wrote:

> So, the problem I have is that I get about 12-14MB/sec when I copy
> files.

Might be protocol overhead, as (almost) usual. Yet, assuming that the
cabling is okay from the fact alone that both cards connect at 1Gbps is
wrong. There might still be CRC errors (and hence packet loss and TCP
retransmissions), or flow control might be stepping in: 

http://www.smallnetbuilder.com/content/view/30212/54/ 

If the switch is a managed one, have a good look at each port counter,
or see if you can undig some of those counters from the depths of your
NIC's driver. Wireshark might even be able to show flow control pause
frames being sent or received by the system it runs on.

Get a Windows or Java version of iPerf or jPerf, and use it to shove
data from box to box. Here's how - same procedure for Linux and Windows.

http://ubuntuforums.org/showpost.php?p=6758444&postcount=7
http://ubuntuforums.org/showpost.php?p=6522634&postcount=4

If you get reasonable throughput numbers here, you can safely assume
that the IP stacks and storage I/O systems are in good shape.

Then you can start to deep into the analysis of the involved protocols
like CIFS, NetBIOS-over-IP or NFS.

regards

Marc




-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://www.wireshark.org/lists/wireshark-users/attachments/20090310/ceab
43b2/attachment.htm 

------------------------------

Message: 4
Date: Tue, 10 Mar 2009 10:03:36 -0400
From: Brian Daniel <daniel_brian@xxxxxxxxxxxx>
Subject: Re: [Wireshark-users] IPv6 Interface
To: Community support list for Wireshark
	<wireshark-users@xxxxxxxxxxxxx>
Message-ID:
	<b66dd3f30903100703u1baa8f5dvff4b74d1e60f8ac0@xxxxxxxxxxxxxx>
Content-Type: text/plain; charset="iso-8859-1"

When I run IPv6, I leave IPv4 enabled also because I still get my IP
address
from the IPv4 dhcp server. After installing WinPcap_4_1_beta5.exe and
wireshark-win32-1.1.2.exe then I have no problems packet capturing
everything then filtering on IPv6. I have not experimented with an IPv6
type
of capture filter yet.
I hope this helps,
Brian
On Mon, Mar 9, 2009 at 5:59 PM, Michael Margulies
<mmargulies@xxxxxxxx>wrote:

> I was using the latest stable release of WinPcap - 4.0.2, I updated to
> 4.1beta5 and am still encountering the same problem.
>
> Thanks,
> Mike M
>
> -----Original Message-----
> From: wireshark-users-bounces@xxxxxxxxxxxxx
> [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of
> wireshark-users-request@xxxxxxxxxxxxx
> Sent: Sunday, March 08, 2009 12:00 PM
> To: wireshark-users@xxxxxxxxxxxxx
> Subject: Wireshark-users Digest, Vol 34, Issue 21
>
> Send Wireshark-users mailing list submissions to
>        wireshark-users@xxxxxxxxxxxxx
>
> To subscribe or unsubscribe via the World Wide Web, visit
>        https://wireshark.org/mailman/listinfo/wireshark-users
> or, via email, send a message with subject or body 'help' to
>        wireshark-users-request@xxxxxxxxxxxxx
>
> You can reach the person managing the list at
>        wireshark-users-owner@xxxxxxxxxxxxx
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Wireshark-users digest..."
>
>
> Today's Topics:
>
>   1. Re: IPv6 Interface (Gianluca Varenni)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Sat, 7 Mar 2009 17:40:41 -0800
> From: "Gianluca Varenni" <gianluca.varenni@xxxxxxxxxxxx>
> Subject: Re: [Wireshark-users] IPv6 Interface
> To: "Community support list for Wireshark"
>        <wireshark-users@xxxxxxxxxxxxx>
> Message-ID: <59955923F67C406F8602C3CA7940509F@nelson2>
> Content-Type: text/plain; format=flowed; charset="iso-8859-1";
>        reply-type=original
>
> Which version of WinPcap are you using?
>
> There was a fix related to IPv6 address listing in the latest beta
> version
> of WinPcap (4.1beta5). Can you please check if the bug shows up in
that
> version as well?
>
> Have a nice day
> GV
>
> ----- Original Message -----
> From: "Guy Harris" <guy@xxxxxxxxxxxx>
> To: "Community support list for Wireshark"
> <wireshark-users@xxxxxxxxxxxxx>
> Sent: Friday, March 06, 2009 1:53 PM
> Subject: Re: [Wireshark-users] IPv6 Interface
>
>
> >
> > On Mar 6, 2009, at 12:27 PM, Michael Margulies wrote:
> >
> >> Yes, sorry for not being specific, the physical interface is
> ethernet.
> >> The ethernet card always shows up in the capture interface dialog
> box.
> >> When the tcp/ipv4 stack is enabled, the ipv4 ip address for my
> >> laptop is
> >> shown. When the tcp/ipv4 stack is disabled, but the tcp/ipv6 is
> >> enabled,
> >> the ip address is listed as unknown. I'm interpreting this as
> >> Wireshark
> >> not recognizing the ipv6 interface for some reason.
> >
> > Not necessarily.  It could be that, for example, WinPcap can't get
the
> > IPv6 address for the interface and supply it to Wireshark (Wireshark
> > depends on libpcap/WinPcap to do a lot of the work of dealing with
> > network adapters).  Gianluca?
> >
>
________________________________________________________________________
> ___
> > Sent via:    Wireshark-users mailing list
> <wireshark-users@xxxxxxxxxxxxx>
> > Archives:    http://www.wireshark.org/lists/wireshark-users
> > Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
> >
> > mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
>
>
>
> ------------------------------
>
> _______________________________________________
> Wireshark-users mailing list
> Wireshark-users@xxxxxxxxxxxxx
> https://wireshark.org/mailman/listinfo/wireshark-users
>
>
> End of Wireshark-users Digest, Vol 34, Issue 21
> ***********************************************
>
>
________________________________________________________________________
___
> Sent via:    Wireshark-users mailing list
<wireshark-users@xxxxxxxxxxxxx>
> Archives:    http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>             mailto:wireshark-users-request@xxxxxxxxxxxxx
> ?subject=unsubscribe
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://www.wireshark.org/lists/wireshark-users/attachments/20090310/f815
5ebd/attachment.htm 

------------------------------

_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
https://wireshark.org/mailman/listinfo/wireshark-users


End of Wireshark-users Digest, Vol 34, Issue 26
***********************************************
Prev by Date: Re: [Wireshark-users] IPv6 Interface
Next by Date: [Wireshark-users] TShark & IO Stat Interval
Previous by thread: Re: [Wireshark-users] IPv6 Interface
Next by thread: [Wireshark-users] Slow gigabit network
Index(es):
- Date
- Thread