Using Wireshark in Microsoft Windows reveals some quirks that naturally leave you scratching your head as to what is going on.
For example, when I launch Wireshark on my Windows 10 system I see a bunch of different interfaces. Some make sense (Wi-Fi, Ethernet 2) but others....:
What are all the Local Area Connections? What is the asterisk? Why is my only Ethernet interface Ethernet 2 not Ethernet 1?
So many questions.
The simple answer is to open a Powershell (Windows button> X> A) and type the following command:
Powershell will explain what each of these adapters is:
Now the output you get will vary from mine. But this command clearly defines which interface is which.
I found this explanation on the web:
Windows makes several "simulated" network adapters for various purposes. For example, if you're on an IPv4-only network, but you want to connect to an IPv6 computer on the internet, Windows can create a simulated network adapter that tunnels the IPv6 traffic through your IPv4 network.
There are actually quite a few of these simulated network adapters. Since they usually quietly take care of themselves, and they don't correspond to any actual network hardware that you (the end-user) can see or touch, Windows will hide them by default, to avoid clutter.
Now suppose Windows just started numbering all the adapters with the same naming scheme ("Ethernet 1", "Ethernet 2", "Ethernet 3", . . ., etc.). Then by the time you actually install your actual NIC, it would probably get a name like "Ethernet 7". But since Windows hides the first 6 network interfaces, you'd see a listing that only includes one NIC: "Ethernet 7". And you'd probably say "stupid Windows doesn't know how to count."
So instead, we have two numbering schemes. Real, physical NICs get numbered "Ethernet ###" (or "Wi-Fi ###", etc.) while all the hidden network adapters get "Local Area Connection* ###". That way, the NICs that you see will be numbered starting from 1, even though there are a big pile of hidden network interfaces that were installed first.
What does the asterisk mean? The asterisk used to be the signal that the NIC was a hidden NIC. Older versions of Windows named all visible NICs "Local Area Connection ###", and hidden ones were distinguished by adding an extra asterisk. These days, we try to avoid using nerdy jargon like "Local Area Connection" when talking to you, so we changed the naming pattern to "Ethernet". But since hidden NICs don't matter, we kept their old naming pattern with the asterisk.
Personally, I feel Wireshark should optionally hide these interfaces, especially to help beginners visually focus on the actual connected interfaces they would want to do captures on.
You can also view these adapters through the device manager in Windows 10: click on Windows button, start typing "device manager" and select device manager. Here is the "path": Control Panel > System > Device Manager > View > Show Hidden Devices > Network adapter>
Then look at Network Adapters: (here is mine) - and make sure you select View> Show hidden...
I hope you find this article and its content helpful. Comments are welcomed below. If you would like to see more articles like this, please support us by clicking the