Running Wireshark on Windows 8.1 Enterprise


You might be excited to run the greatest network sniffer utility on Windows 8.1, until you hit a show stopper. The show stopper is a big one, possibly a bug or an unsupported feature in Windows 8.1: Wireshark is not able to hook into a network interface.

 

The installation of Wireshark goes smoothly on Windows 8.1, but when you try to bind to a network adapter you are presented with the error message

“There are no interfaces on which a capture can be done”

You might try the well-known troubleshooting article http://wiki.wireshark.org/CaptureSetup/CapturePrivileges but you soon realize that, even though you have run the executable with Administrator privileges, you are still unable to bind to a network adapter.

 

Issue: The issue lies with the WinPcap component (winpcap.exe), which is currently unsupported on Windows 8.1.

File Version: Wireshark 1.12.0 and WinPcap 4.1.3

Resolution: Assuming the Administrator has already installed Wireshark, follow the steps below.

 

Step 1: Uninstall WinPcap by running C:\Program Files (x86)\Winpcap\uninstall.exe

Step 2: Navigate to C:\Program Files\Wireshark\winpcap.exe and set its compatibility level to run under Windows 7.

Step 3: Run the WinPcap executable. After a successful installation, restart Wireshark and the Administrator will be able to bind to the network adapter.

 

If it's a new installation on Windows 8.1, the Administrator can set the compatibility level for WinPcap and run the file during installation.
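
The three steps above, scripted for an elevated PowerShell prompt, followed by a check that the WinPcap driver is loaded and that Wireshark can list interfaces. This is an added example, not part of the original post; the dumpcap.exe location and the use of the per-user AppCompatFlags\Layers registry value in place of the Compatibility tab are assumptions.

```powershell
# Added example: Steps 1-3 scripted, then verified. Run elevated.
# Installer and uninstaller paths are the ones quoted in the post.
$uninstaller = 'C:\Program Files (x86)\Winpcap\uninstall.exe'
$installer   = 'C:\Program Files\Wireshark\winpcap.exe'
$dumpcap     = 'C:\Program Files\Wireshark\dumpcap.exe'   # assumption: same folder as Wireshark
$layersKey   = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers'

# Step 1: remove the existing WinPcap installation, if there is one.
if (Test-Path $uninstaller) {
    Start-Process -FilePath $uninstaller -Wait
}

# Step 2: flag the installer for Windows 7 compatibility mode.
# Assumption: this per-user value is what the Compatibility tab writes;
# the value name is the full path of the executable.
if (-not (Test-Path $installer)) { throw "Installer not found: $installer" }
if (-not (Test-Path $layersKey)) { New-Item -Path $layersKey -Force | Out-Null }
New-ItemProperty -Path $layersKey -Name $installer -Value '~ WIN7RTM' `
    -PropertyType String -Force | Out-Null

# Step 3: run the WinPcap installer and wait for it to finish.
Start-Process -FilePath $installer -Wait

# Check 1: WinPcap's packet driver is registered as the 'npf' service.
# Use sc.exe explicitly: in PowerShell, 'sc' is an alias for Set-Content.
$state = & sc.exe query npf
if ($LASTEXITCODE -ne 0) { throw 'npf service not found: WinPcap did not install.' }
if (-not ($state -match 'RUNNING')) {
    & sc.exe start npf | Out-Null
}

# Check 2: dumpcap -D prints the capture interfaces Wireshark can use.
# An empty list here is the same condition as the
# "There are no interfaces on which a capture can be done" error.
$interfaces = & $dumpcap -D 2>&1
if ($LASTEXITCODE -ne 0 -or -not $interfaces) {
    throw 'dumpcap reports no capture interfaces.'
}
$interfaces
```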

 

IE 10 Performance Degrade


When I tried browsing webpages on my server, the response time was incredibly high: pages were loading with a delay of 15 seconds, and I started to troubleshoot the issue to get rid of the annoying delayed page load. Below is the setup in my lab:

  • Windows Server 2012 running Hyper-V
  • Windows Server 2012 completely patched with the latest updates
  • Internet Explorer 10
  • Wireless Broadband 4G connection

A few of the troubleshooting steps, which worked by elimination:

  • Disabled all IE add-ons and browsed the webpages – no luck
  • Disabled SmartScreen filtering – no luck
  • Added websites under trusted sites with compatibility view set to default
  • Opened all the webpages under compatibility mode – no luck

I even downloaded Google Chrome to compare the delay between the 2 browsers and found that both IE and Chrome exhibit the delay behavior. This test ensures that the issue is not with the browser; rather, the issue lies with the networking component of the Windows operating system. I did reload the network stack but no luck, I still saw the delay while browsing web pages on Windows Server 2012.

The next troubleshooting step was to target the networking component, and under Network Connections the first thing to eliminate was the virtual Ethernet adapter which I had created for my Hyper-V guests. I disabled the virtual Ethernet adapter for testing and the problem got resolved! The virtual Ethernet adapter was causing the delay, and further troubleshooting revealed that there was a 10-15 sec packet delay between HTTP GET and POST calls, but from the Wireshark trace I was not able to detect the IP address inclusion.

 

RADIUS Code 12 Unsupported


You might receive the following event ID message:

“A RADIUS message with the Code field set to 12, which is not valid, was received on port 1812 from RADIUS client XN08_C1H2. Valid values of the RADIUS Code field are documented in RFC 2865.”

The Microsoft team has confirmed that there are no plans to add support for Code 12 in either Windows Server 2008 or Windows Server 2008 R2.

Network Redirector


The intended audience is mid-level system engineers, programmers, and anyone who aspires to understand the network architecture.

 

In Windows everything comes down to DLLs, APIs, user-mode applications and kernel-mode drivers. People at the debugging end talk only in terms of processes, PEBs, threads, TEBs and API calls. Today I am going to explain the Windows networking I/O model, which is vast but interesting.

 

Every day, users access files on remote servers, access shares, access drives and so on. Many engineers and system administrators do not think about the troubleshooting aspect of file systems, because the protocol involved, Server Message Block (SMB), is one of the toughest to understand. This article will help system engineers analyze and debug the SMB protocol; after reading it, everyone should have a fair idea of the file operations and be able to start troubleshooting issues.

 

As I said earlier in my post, every component in the Windows operating system is either a SYS or a DLL. Microsoft has designed the redirector in the form of a driver. The term redirector is used with networking because its job is to redirect the request to the destination using the TCP stack.

 

In Windows the basic function of the redirector is to access files on the server from a client. Here the client falls into two categories: one is the operating system and the other is the client application. Knowing this helps engineers while troubleshooting file system issues, which are very complex to resolve.

 

A typical implementation of the client redirector is shown below (write diagram)

 

 

The network redirector is used to forward file I/O requests from the source (client) to the destination. The request comes either from a custom user-mode application or from Windows Explorer; it is then handled by the network redirector, which passes it to the appropriate NDIS interface and down to the NIC.

DHCP Interface Crash – Windows 2008 R2


 
 
I have raised a bug with Microsoft regarding an MMC crash, and here are the details.

I have observed this behavior on the Windows 2008 R2 RC build and would encourage users to try with the latest build.

ISSUE: On a Windows 2008 R2 RC 64-bit edition server, uncheck IPv4, use IPv6 and try to configure the DHCP role, and we get the MMC error “MMC snap-in failed to load”
 
 
Resolution from the DHCP Product Group:

There are a couple of workarounds which could be used in this situation:

1. Have a static IPv6 address on the interface. This would in any case be required for the DHCP server to bind to. We have found that in case of a static IPv6 address, the role installation of DHCP server works fine.

2. Use the command line mode for installation (ocsetup or PowerShell). (In PowerShell, you can run import-module servermanager, followed by add-windowsfeature dhcp)

3. Enable IPv4, install the server role and then disable IPv4. After installation of the server role, the DHCP MMC works fine regardless of whether IPv4 is enabled or not.

Hope the article will help and please do post your comments after testing the behavior.

 
 
Sainath
Microsoft MVP