
Wireshark makes a SCADA app fail

Hi! I work with SCADA systems, and when I install Wireshark on one of them, the system stops receiving/sending data. I have been researching why this can happen, but besides knowing that Wireshark lets the NIC card work in promiscuous mode and PCAP copies packets in order to analyse them, I have not found anything that could explain this behavior. Has anybody had a similar problem with this? Thanks!

root1
asked 2022-10-05 12:39:54 +0000

Comments

Chuckc (2022-10-05 15:20:58 +0000)

What version of what operating system is on the machine on which Wireshark is running?

Guy Harris (2022-10-05 18:59:30 +0000)

Hi #GuyHarris! The OS version is Windows Server 2012 R2. The Npcap version is 1.71. I am using Wireshark Portable because I thought it would work as a light version of Wireshark (even if the app still asks me to install it on the Windows machine).

root1 (2022-10-05 19:25:35 +0000)

Thanks #chuckc! I'm reviewing the post, trying to find a solution for the problem. Thanks for your time and for posting the source!

root1 (2022-10-05 19:31:05 +0000)

1 Answer


My first guess: the SCADA app is not playing nice and is using the network in a manner which conflicts with the way Npcap is working.

hugo.vanderkooij
answered 2022-10-05 13:09:46 +0000

Comments

(And "the machine on which Wireshark is running is a Windows machine" is another part of the guess.)

Guy Harris (2022-10-05 18:58:54 +0000)

It is a nice guess! When I stop using Wireshark (uninstalling Npcap), all the communication starts working again. The problem is I cannot troubleshoot signals without checking them first on a packet analyzer. I tried to use netsh (from the Windows machine), but the OS seems to not support it (and it is not working).

root1 (2022-10-05 19:29:30 +0000)
