Networking/Computing Tips/Tricks

Rate this content:
0 of 5 - 0 votes
Thank you for rating this article.

Using Wireshark in Microsoft Windows reveals some quirks that naturally leave you scratching your head as to what is going on. 

For example, when I launch Wireshark on my Windows 10 system I see a bunch of different interfaces.  Some make sense (Wi-Fi, Ethernet 2) but others....:

2019 12 24 9 15 22

What are all the Local Area Connections?  What is the asterisk?  Why is my only Ethernet interface Ethernet 2 not Ethernet 1?

So many questions.

The simple answer is to open a Powershell (Windows button> X> A) and type the following command:

Get-NetAdapter -IncludeHidden

Powershell will explain what each of these adapters is:

2019 12 24 9 19 02

Now the output you get will vary from mine.  But this command clearly defines which interface is which.

I found this explanation on the web:

Windows makes several "simulated" network adapters for various purposes. For example, if you're on an IPv4-only network, but you want to connect to an IPv6 computer on the internet, Windows can create a simulated network adapter that tunnels the IPv6 traffic through your IPv4 network.

There are actually quite a few of these simulated network adapters. Since they usually quietly take care of themselves, and they don't correspond to any actual network hardware that you (the end-user) can see or touch, Windows will hide them by default, to avoid clutter.

Now suppose Windows just started numbering all the adapters with the same naming scheme ("Ethernet 1", "Ethernet 2", "Ethernet 3", . . ., etc.). Then by the time you actually install your actual NIC, it would probably get a name like "Ethernet 7". But since Windows hides the first 6 network interfaces, you'd see a listing that only includes one NIC: "Ethernet 7". And you'd probably say "stupid Windows doesn't know how to count."

So instead, we have two numbering schemes. Real, physical NICs get numbered "Ethernet ###" (or "Wi-Fi ###", etc.) while all the hidden network adapters get "Local Area Connection* ###". That way, the NICs that you see will be numbered starting from 1, even though there are a big pile of hidden network interfaces that were installed first.

What does the asterisk mean? The asterisk used to be the signal that the NIC was a hidden NIC. Older versions of Windows named all visible NICs "Local Area Connection ###", and hidden ones were distinguished by adding an extra asterisk. These days, we try to avoid using nerdy jargon like "Local Area Connection" when talking to you, so we changed the naming pattern to "Ethernet". But since hidden NICs don't matter, we kept their old naming pattern with the asterisk.

Personally, I feel Wireshark should optionally hide these interfaces, especially to help beginners visually focus on the actual connected interfaces they would want to do captures on.

You can also view these adapters through the device manager in Windows 10: click on Windows button, start typing "device manager" and select device manager.  Here is the "path": Control Panel > System > Device Manager > View > Show Hidden Devices > Network adapter>

Then look at Network Adapters: (here is mine) - and make sure you select View> Show hidden...

2019 12 24 9 40 10


I hope you find this article and its content helpful.  Comments are welcomed below.  If you would like to see more articles like this, please support us by clicking the patron link where you will receive free bonus access to courses and more, or simply buying us a cup of coffee!, and all comments are welcome!

Add comment


Did you learn something?
Did I save you time? 

Buy me a coffeeBuy me a coffee!

Find by Tag

5G Networks 6LoWLAN 6LoWPAN 802.11 802.11ah 802.11ax 802.11ay 802.11az ACL Addressing Analysis Ansible Architecture ARP Assessment AToM Backup Bandwidth BGP Bibliography Biography Briefings CBRS CellStream Cellular Central Office Cheat Sheet Chrome Cisco Clock Cloud Computer Consulting CPI Data Center Data Networking Decryption DHCPv4 DHCPv6 Display Filter DNS Documentation ECMP EIGRP Ethernet Flipping the Certification Model Follow Me Fragmentation Git GNS3 Google GQUIC Hands-On History Home Network HTTPS ICMP ICMPv6 IEEE 802.11p IEEE 802.15.4 In A Day Internet IOS Classic IoT IPv4 IPv6 L2 Switch L2VPN L3VPN LDP Learning Services Linux LLN Logging LoL M-BGP MAC MAC OSx Macro Microsoft mininet Monitoring Monitor Mode MPLS Multicast Name Resolution Netflow NetMon netsh Networking Network Science nmap Npcap nslookup Online Learning Online School OpenFlow OSPF OSPFv2 OSPFv3 OSX Parrot Passwords pcap pcap-ng PIM Ping Policy Port Mirror POTS POTS to Pipes PPP Profile Profiles Programming Project Management Python QoS QUIC Requirements RFC RIP Routing RPL RSVP SAS SDN Security Self Certification Service Provider Small Business Smartport SONET Span Port SSH SSL Subnetting T-Shark TCP TCP/IP Telco Telecom 101 Telecommunications Telnet Terminal TLS Tools Traceroute Traffic Analysis Traffic Engineering Training Travel Troubleshooting Tunnel Utility Video Virtualbox Virtualization Voice VoIP VXLAN Webex Wi-Fi Wi-Fi 4 Wi-Fi 5 Wi-Fi 6 Wi-Fi 6/6E Windows Wireless Wireless 5G Wireshark Wireshark Tip WLAN ZigBee Zoom

Twitter Feed