Network monitor not capturing all traffic

  • Question

  • I am using Network Monitor on my laptop system's wired Ethernet port, connecting to my home network. I am running Windows 7. The laptop uses the Intel(R) 82579LM Gigabit Network Connection chip. When starting a capture I am selecting the wired connection and p-mode. I am only seeing unicast, multicast and messages to/from the laptop. I am not seeing a network conversation I have initiated between my iPad and a DLNA device on the same physical network. I am seeing the unicast/multicast part of the conversation.

    I am connecting the laptop to an unmanaged switch that is also connecting the DLNA device.

    I am trying to observe the UPnP conversation between the Sony media player app on the iPad and the Sony media player device attached to my home network.

    What am I doing wrong?

     

    Dave

    Wednesday, October 12, 2011 10:45 PM

Answers

  • Hi Dave,

    Sounds like your switch is doing its job and is filtering out all the traffic destined to specific devices.  P-mode will let you see all the traffic coming to your machine but doesn't do anything other than that; however, switches (even unmanaged ones) do automatic routing to prevent traffic from just going everywhere like they did on old hubs.

    You'll have to find a way to enable a mirroring port on the switch so that it can send all the traffic it's getting to your laptop which then can capture it all with Network Monitor.  Unfortunately, if you have a basic unmanaged switch, this type of functionality might not exist.  You may need to swap out to a hub temporarily or use a different switch to perform your diagnosis.

    What's the type of problem you're trying to solve?  (Just for our reference)

    Thanks,


    Michael Hawker | Program Manager | Network Monitor
    Thursday, October 13, 2011 8:55 PM

All replies

  • Hi Michael,

    After reading a couple more forums about the problem yesterday, I tried to monitor the conversation (as a last resort) by attaching the Sony SMP N100 and my laptop to the wireless router itself (still failing to record all messages). Finally believing it was truly my routers and hubs (as everyone was telling me), I remembered I had an old hub that I luckily hadn't tossed. So last night I hooked the hub up to the wireless router, attached the SMP and my laptop to the hub and voila, I saw all of the messages.

    I wanted to view how the Sony remote media controller app was conversing with the Sony SMP. In particular, which requests the app was using. I discovered it was using a pretty basic command set: IRCC requests.

    I was also considering writing a Network Monitor parser for the UPnP protocol, which would then force me to gain enough understanding to write my own app. I would like to start with a Windows 7 application and then create an iPad app.

     

    Thank you for your reply.

    Dave Foley

     

     

     

    Friday, October 14, 2011 12:45 AM
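
The behaviour described in the answer and confirmed in the reply above, as an added example that is not part of either post: a small simulation of which frames reach a capture port behind a MAC-learning switch versus a hub. It assumes a basic switch without IGMP snooping (multicast is flooded); the port numbers, MAC addresses and frame names are constructed for illustration.

```python
# Added illustration: constructed hosts and frames, not a capture from the thread.
BROADCAST = "ff:ff:ff:ff:ff:ff"

def is_group(mac):
    # Broadcast and multicast addresses have the low bit of the first octet set.
    return int(mac.split(":")[0], 16) & 1 == 1

class Hub:
    """Repeats every frame out of every port except the one it arrived on."""
    def __init__(self, ports):
        self.ports = ports

    def forward(self, in_port, src, dst):
        return [p for p in self.ports if p != in_port]

class LearningSwitch(Hub):
    """Learns source MAC -> port and sends known unicast to that port only."""
    def __init__(self, ports):
        super().__init__(ports)
        self.table = {}

    def forward(self, in_port, src, dst):
        self.table[src] = in_port
        if not is_group(dst) and dst in self.table:
            out = self.table[dst]
            return [] if out == in_port else [out]
        return super().forward(in_port, src, dst)  # flood group/unknown frames

def seen_by(device, frames, monitor_port):
    """Names of the frames a promiscuous capture on monitor_port would record."""
    return [name for name, in_port, src, dst in frames
            if monitor_port in device.forward(in_port, src, dst)]

# Constructed layout: port 1 = router/Wi-Fi side (iPad), 2 = media player, 3 = laptop.
IPAD, PLAYER = "02:00:00:00:00:01", "02:00:00:00:00:02"
SSDP = "01:00:5e:7f:ff:fa"  # Ethernet multicast address for 239.255.255.250
FRAMES = [
    ("ssdp-search", 1, IPAD, SSDP),          # multicast discovery
    ("ssdp-reply", 2, PLAYER, IPAD),         # unicast, iPad's port already learned
    ("control-request", 1, IPAD, PLAYER),    # unicast
    ("control-response", 2, PLAYER, IPAD),   # unicast
]

if __name__ == "__main__":
    print("switch:", seen_by(LearningSwitch([1, 2, 3]), FRAMES, 3))
    print("hub:   ", seen_by(Hub([1, 2, 3]), FRAMES, 3))
```

Promiscuous mode only changes what the laptop's adapter accepts; the switch result shows that the unicast frames are never delivered to the laptop's port in the first place.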