Networking/Computing Tips/Tricks

Using Wireshark in Microsoft Windows reveals some quirks that naturally leave you scratching your head as to what is going on. 

For example, when I launch Wireshark on my Windows 10 system I see a bunch of different interfaces.  Some make sense (Wi-Fi, Ethernet 2) but others....:

2019 12 24 9 15 22

What are all the Local Area Connections?  What is the asterisk?  Why is my only Ethernet interface Ethernet 2 not Ethernet 1?

So many questions.

The simple answer is to open a Powershell (Windows button> X> A) and type the following command:

Get-NetAdapter -IncludeHidden

Powershell will explain what each of these adapters is:

2019 12 24 9 19 02

Now the output you get will vary from mine.  But this command clearly defines which interface is which.

I found this explanation on the web:

Windows makes several "simulated" network adapters for various purposes. For example, if you're on an IPv4-only network, but you want to connect to an IPv6 computer on the internet, Windows can create a simulated network adapter that tunnels the IPv6 traffic through your IPv4 network.

There are actually quite a few of these simulated network adapters. Since they usually quietly take care of themselves, and they don't correspond to any actual network hardware that you (the end-user) can see or touch, Windows will hide them by default, to avoid clutter.

Now suppose Windows just started numbering all the adapters with the same naming scheme ("Ethernet 1", "Ethernet 2", "Ethernet 3", . . ., etc.). Then by the time you actually install your actual NIC, it would probably get a name like "Ethernet 7". But since Windows hides the first 6 network interfaces, you'd see a listing that only includes one NIC: "Ethernet 7". And you'd probably say "stupid Windows doesn't know how to count."

So instead, we have two numbering schemes. Real, physical NICs get numbered "Ethernet ###" (or "Wi-Fi ###", etc.) while all the hidden network adapters get "Local Area Connection* ###". That way, the NICs that you see will be numbered starting from 1, even though there are a big pile of hidden network interfaces that were installed first.

What does the asterisk mean? The asterisk used to be the signal that the NIC was a hidden NIC. Older versions of Windows named all visible NICs "Local Area Connection ###", and hidden ones were distinguished by adding an extra asterisk. These days, we try to avoid using nerdy jargon like "Local Area Connection" when talking to you, so we changed the naming pattern to "Ethernet". But since hidden NICs don't matter, we kept their old naming pattern with the asterisk.

Personally, I feel Wireshark should optionally hide these interfaces, especially to help beginners visually focus on the actual connected interfaces they would want to do captures on.

You can also view these adapters through the device manager in Windows 10: click on Windows button, start typing "device manager" and select device manager.  Here is the "path": Control Panel > System > Device Manager > View > Show Hidden Devices > Network adapter>

Then look at Network Adapters: (here is mine) - and make sure you select View> Show hidden...

2019 12 24 9 40 10


I hope this little tip helps you.

Comments powered by CComment

Find by Tag

4G Networks 5G Networks 6LoWLAN 6LoWPAN 802.11 802.11ah 802.11ax 802.11ay 802.11az Addressing Analysis Ansible Architecture ARP AToM Baseline BGP Bloom's Taxonomy Broadband Cable cat CellStream Cellular Central Office Cheat Sheet Chrome Cisco Cloud CMD Coloring Rules Computer Consulting Customer Support Data Center Data Networking DHCPv6 DNS Docker Documentation Dublin-Traceroute dumpcap ECMP Ethernet Ethics Field Operations Fragmentation G-MPLS GeoIP Git GNS3 Google GQUIC Hands-On History Home Network ICMP ICMPv6 IEEE 802.11p IEEE 802.15.4 Interface Control Internet IoT IPsec IPv4 IPv6 IRINN IS-IS L2VPN L3VPN LDP Linux LLN LoL M-BGP MAC Macro Microsoft mininet Monitoring MPLS mtr MTU Multicast Name Resolution Netcat Netmiko NetMon netsh Networking Network Science nmap Npcap NSE Observations Online School OpenFlow OSPF OSPFv2 OSPFv3 OSX OTT Paris-Traceroute Parrot PIM PMTU Policy POTS POTS to Pipes PPP Profile Programming Project Management PW3E Python QoS QUIC Remote Desktop Requirements Resume RIP Routing RPL RSVP Rural SDN Security Service Provider Small Business SONET Speed SS7 SSH SSL Subnetting SYSCTL T-Shark TCP TCP/IP Telco Telecom 101 Telecommunications Telephone termshark Testing TLS Tools Traceroute Traffic Engineering Training Travel Tunnel Ubuntu Utility Video Virtualbox Virtualization VoIP VRF VXLAN WEP Wi-Fi Wi-Fi 4 Wi-Fi 5 Wi-Fi 6 Windows Winpcap Wireless Wireless 5G Wireshark Wireshark Tip WLAN WPA2 Writing Zenmap ZigBee

Twitter Feed