Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Wireshark-users: Re: [Wireshark-users] Multicast problem

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Lars Lars <laasunde@xxxxxxxxxxx>
Date: Thu, 30 Oct 2008 21:06:30 +0100
Thank you for the response.

It sounds reasonable that the server nic shortcuts the multicast. Is there a way to verifying this shortcut since it does not appear to be valid in at least one instance.

After more debugging it appears that when wireshark (or windump) listens to the server nic this affect the nic and triggers the server application to receive the multicasts. By stoping wireshark to listen to the nic, then the server application also stops receiving the multicasts. What possible changes to the nic does wireshark perform when listening to the traffic and could any of them explain the problems we are having.

Appreciate any input.



From: robert@xxxxxxx
To: wireshark-users@xxxxxxxxxxxxx
Date: Thu, 30 Oct 2008 12:54:14 -0400
Subject: Re: [Wireshark-users] Multicast problem

Your switch may allow you to span the traffic either in, out, or both.  Both is default on a Cisco switch if you do not specify.   This assumes you have access to the network, and Wireshark is running on an independent platform.  The interface driver on the server NIC may shortcut the multicast before it has to get on the wire and come back.

 

Robert D. Scott                 Robert@xxxxxxx

Senior Network Engineer         352-273-0113 Phone

CNS - Network Services          352-392-2061 CNS Receptionist

University of Florida           352-392-9440 FAX

Florida Lambda Rail             352-294-3571 FLR NOC

Gainesville, FL  32611          321-663-0421 Cell

 

From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Lars Lars
Sent: Thursday, October 30, 2008 12:22 PM
To: wireshark-users@xxxxxxxxxxxxx
Subject: [Wireshark-users] Multicast problem

 

 
Hello
 
I'm new to this mailinglist and I'm hoping to get some help on a specific problem I'm trying to debug.

An server application is setup to send udp multicast message every second. There are a number clients, including the server itself, that listen for this messages. This has worked fine for several years. Then this week I found an installation where all clients received udp multicast message except the server. So the multicast is not echo'ed back to the itself. (There is no firewall on any of the computers)
 
By starting Wireshark 1.0.4 I'm able to monitor the multicast messages\packages
Source: 172.21.1.1
Destionation : 230.21.1.200
Protocol: UDP
Source port:14800
Destionation port: 14800
 
What I'm not able to understand is how can I debug this problem using wireshark? How can I figure out if a particular udp multicast packet
is actually both sent and received by the same computer? Does this application enable me to do so? Can someone please explain how
I could go about doing so, or recommend any other utility that might aid me.
 
Thanks for your time. Appreciate any input.

Windows Live SkyDrive. På tide å glemme minnepinnen.


Windows Live SkyDrive. På tide å glemme minnepinnen.
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube