Wireshark-users: Re: [Wireshark-users] How to easily identify multiple interfaces in wireshark...

Date: Wed, 17 Oct 2012 08:35:52 -0400

When using  dumpcap.exe. –D  I get:

 

C:\Program Files\Wireshark>dumpcap.exe -D

1. \Device\NPF_{6EBFBFD2-1844-4BB7-BED0-95BA2FCCD536} (HP NC364T PCIe Quad Port Gigabit Server Adapter)

2. \Device\NPF_{9FAA73F9-B079-4B95-851B-537B0CACB0CA} (HP NC364T PCIe Quad Port Gigabit Server Adapter)

3. \Device\NPF_{FCDBB016-3861-4395-BE8E-6A1B2AB48433} (HP NC364T PCIe Quad Port Gigabit Server Adapter)

4. \Device\NPF_{EBFD52C7-3B16-4A0A-85A2-18F4C57474CA} (HP NC364T PCIe Quad Port Gigabit Server Adapter)

5. \Device\NPF_{95FD9084-714A-41F5-954A-72927551DF65} (HP NC364T PCIe Quad Port Gigabit Server Adapter)

6. \Device\NPF_{D663C963-B384-4502-B441-F04402F3BFA1} (HP NC364T PCIe Quad Port Gigabit Server Adapter)

7. \Device\NPF_{691FC7B1-7F40-478E-930A-50BC2A133097} (Broadcom L2 NDIS client driver)

8. \Device\NPF_{03854B4D-A439-4D1E-B0E8-5335C631C60B} (HP NC364T PCIe Quad Port Gigabit Server Adapter)

9. \Device\NPF_{B9136CF4-2CA1-4295-8A52-047C8BD497FD} (HP NC364T PCIe Quad Port Gigabit Server Adapter)

10. \Device\NPF_{B49753BC-C5B3-484E-A67F-657CEC0B765E} (HP NC364T PCIe Quad Port Gigabit Server Adapter)

11. \Device\NPF_{71239DC0-702E-4908-A069-BF8002A911A5} (HP NC364T PCIe Quad Port Gigabit Server Adapter)

 

C:\Program Files\Wireshark>

 

I think if Wireshark could provide the  NetConnectionID   like when using wmic that would be good.

 

See what I get when using wmic command  (3rd column is what I need):

 

wmic:root\cli>nic get index,name,NetConnectionID

Index  Name                                                                                        NetConnectionID

1      RAS Async Adapter

2      WAN Miniport (L2TP)

3      WAN Miniport (PPTP)

4      WAN Miniport (PPPOE)

5      Direct Parallel

6      WAN Miniport (IP)

7      HP NC364T PCIe Quad Port Gigabit Server Adapter    QEBVZA-COR_Eth_9-37

8      HP NC364T PCIe Quad Port Gigabit Server Adapter    QEBVZB-COR_Eth_9-37

9      HP NC364T PCIe Quad Port Gigabit Server Adapter    QEBNS2 Port A2

10     HP NC364T PCIe Quad Port Gigabit Server Adapter    QEBNS2 Port B2

11     HP NC364T PCIe Quad Port Gigabit Server Adapter    Free NC364T Adapter #5

12     HP NC364T PCIe Quad Port Gigabit Server Adapter    Free NC364T Adapter #6

13     HP NC364T PCIe Quad Port Gigabit Server Adapter    QEBVZA-SVR_Eth_114-1-4

14     HP NC364T PCIe Quad Port Gigabit Server Adapter    QEBVZB-SVR_Eth_114-1-4

15     HP NC364T PCIe Quad Port Gigabit Server Adapter    QEBNS1 Port A2

16     HP NC364T PCIe Quad Port Gigabit Server Adapter    QEBNS1 Port B2

17     HP NC364T PCIe Quad Port Gigabit Server Adapter    QEBV1B_GIG_4-45_DMZ

18     HP NC364T PCIe Quad Port Gigabit Server Adapter    QEBV1A_GIG_4-45_DMZ

19     HP NC382i DP Multifunction Gigabit Server Adapter  Free NC382i Adapter

20     HP NC382i DP Multifunction Gigabit Server Adapter  Free NC382i Adapter #2

21     HP NC382i DP Multifunction Gigabit Server Adapter  Telemetry_QEBVZA-SVR_Eth_114-1-42

22     HP NC382i DP Multifunction Gigabit Server Adapter  Free NC382i Adapter #4

 

wmic:root\cli>

 

 

Regards

 

On 10/16/2012 9:19 AM, andre.noel@xxxxxxx wrote:

Hello,

 

I’m used to give more precise description of my connection in Wireshark interface Properties in the comment field

So it’ easy to select the interface facing the switch I want to capture.

 

The problem I have is on one my HP  machine I have 8 interfaces and it’s hard to tell which is which from inside Wireshark

because  the identification  like “\Device\NPF_{C4F…………}  is not shown in windows interface list  and the description field is

all the same:

 

HP NC364T PCIe Quad Port Gigabit Server Adapter

HP NC364T PCIe Quad Port Gigabit Server Adapter

 

As opposed as windows who list them as for example:

 

HP NC364T PCIe Quad Port Gigabit Server Adapter #3

HP NC364T PCIe Quad Port Gigabit Server Adapter #4  

 

Any idea of what I can do to easily do a match ?    ( Now I put all the connection in “shutdown” state in Cisco switches and re-enable them

one at a time to see them reappear in Wireshark but it’s a bit cumbersome…)

Which text output (following the value that appears in the registry) is dumpcap.exe -D providing you with?

 

regards.

 

Andre Noel




___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe