1/7/2023

Wireshark USB NIC

And on the other hand, the machine is an "Intel NUC", which is one of the smallest machines on the market and comes with one on-board NIC, so I am forced to use a USB adapter as my second NIC to do only traffic capture, which is where I face this problem. The answer is that since this is a lab environment I have multiple VLANs set up on our network switch, and only my on-board NIC (Intel brand) is capable of being set up with multiple VLANs, not the USB adapter. You might ask why I don't use my on-board NIC to do the capture. I use my machine in our lab environment, where I need to do traffic capture with my USB adapter and get all the traffic in/out of the IP phone, which I can't. Yes, the phone works just fine and I don't have a problem with the IP phone. By contrast, when you look at the other capture, which was done with the on-board NIC, you see all the SIP & RTP and also TCP from the phone to our provisioning servers (208.75.8.28 & 64.47.12.15), and also some ICMP packets and some DNS and NTP. The capture with the USB adapter is bigger because the phone contacted our provisioning servers and so has more traffic, but when you filter by SIP you don't see a packet. Would you please help me with this issue? The fact that I see some TCP and UDP traffic in my capture tells me the chipset does what it needs to do, but it looks like there is another piece that I am missing in my whole setup. I have contacted the USB chipset manufacturer (Realtek) regarding this issue and they instructed me on how to add a piece to their chipset driver files to manually enable promiscuous mode, which I did. To rule out whether the OS has anything to do with my issue: when I switch to my on-board NIC I can see all the traffic that I expect to see, but not when using the USB NIC. I see TCP, UDP, ICMP and some others, but not the ones I have mentioned. For instance, when I do a traffic capture on a VoIP device (IP phone), I expect to see SIP & RTP protocol traffic, but I don't see those.
The issue is that when I do a traffic capture I see some of the traffic that I expect to see, but not all of the protocols. My USB WinPcap version is 4.1.3 and my Wireshark version is 2.2.2. I am using USB 3.0 with a Realtek RTL8153-VB chipset. I have difficulty seeing all the traffic in the Wireshark app when I use a USB 3.0 to Ethernet adapter on my Windows 7 64-bit machine.