locked
Promiscuous Mode RRS feed

  • Question

  • Hi,

    we have a problem wih 1 NIC. One is a VMware NIC and was set up as a Mirrored Port on the dvSwitch. The second NIC is a UsbToNetwork adapter which is connectet to physical DC. The problem is that we cannot receive any data except with a program like Wireshark or WindowsNetworkMonitor if we enable the Promiscuous Mode manually. Then we get all the mirrored data. So, is the Promiscuous Mode required for ATA or enable the ATA by itself?

    I found this in the GW configuration file:

      "NetworkListenerConfiguration": {
        "CaptureNetworkAdapterNames": [
          "Mirror",
          "MirrorPhy"
        ],
        "CapturePromiscuousModeEnabled": true,

    What does the line "CapturePromiscuousModeEnabled": true mean?

    Does ATA enter the Promiscuous Mode? Or should another program enable the Mode that ATA can monitor this port?

    Regards

    Thursday, November 5, 2015 8:08 AM

Answers

All replies

  • Hello EliWallic,

    When ATA Gateway service is running, it set the p-mode.

    If ATA Gateway service already running, you do not need to set the p-mode on the NetMon (please do not use Wireshark, as it may conflict with the ATA service) in order to see the capture data.

    If you already set the p-mode in netmon, you will need to restart the ATA Gateway service so it will take over the NIC. And then you can run netmon again without p-mode.

    Hope this helps,

    Microsoft ATA Team.

    Friday, November 6, 2015 7:46 AM
  • Hi,

    thanks this helps a lot to understand how it works.

    We have a 'exotic' problem I think. We have a physical DC and our network team and virtual guys cannot set up the mirroring and we don’t know why it is not working. As a simple solution they installed a USB-To-Network adapter on the host and configured this whole thing that the device is tunneled to the VM. The ATA GW (VM) is seeing this device but there is no received data except I start Microsoft Network monitor AND set the P-Mode AND start capturing. Then all the mirrored traffic can be captured. If I stop the program (P-Mode will be disabled) there is no incoming traffic anymore.

    But with the second mirrored port for the other virtual DC’s it is working without any problems.

    Could there be a problem with the Windows Driver or a problem within ATA itself? Maybe because Usb-To-Network adapters are not supported?

    Regards

    Friday, November 6, 2015 8:35 AM
  • Found a solution for me

    https://social.technet.microsoft.com/Forums/security/en-US/2dd628a5-7044-4d23-8ae1-e60167cb8759/ata-installed-and-configured-but-no-data?forum=mata

    Reinstalling the update KB3047154 (that is installed by ATA GW)

    maybe also for other users with this problem


    • Marked as answer by EliWallic Monday, November 9, 2015 12:36 PM
    • Edited by EliWallic Monday, November 9, 2015 12:36 PM
    Monday, November 9, 2015 12:36 PM