Networking/Computing Tips/Tricks

Using Wireshark in Microsoft Windows reveals some quirks that naturally leave you scratching your head as to what is going on. 

For example, when I launch Wireshark on my Windows 10 system I see a bunch of different interfaces. Some make sense (Wi-Fi, Ethernet 2), but others...:

[Screenshot: Wireshark interface list on Windows 10]

What are all the Local Area Connections?  What is the asterisk?  Why is my only Ethernet interface Ethernet 2 not Ethernet 1?

So many questions.

The simple answer is to open PowerShell (Windows button + X, then A) and type the following command:

Get-NetAdapter -IncludeHidden

PowerShell will explain what each of these adapters is:

[Screenshot: output of Get-NetAdapter -IncludeHidden]

The output you get will vary from mine, but this command clearly identifies which interface is which.
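To sort the list instead of reading it by eye, the following PowerShell snippet (an added example, not part of the original post) labels each adapter as hidden, virtual or physical and prints the capture device string that dumpcap -D and tshark -D show for it. It assumes Npcap-style device names of the form \Device\NPF_{GUID}; the column names Kind and NpcapDevice are made up for this example.

```powershell
# Added example: classify the adapters Wireshark lists on Windows.
# Uses only Get-NetAdapter and properties of the objects it returns.

# -IncludeHidden returns the hidden (simulated) adapters as well as the visible ones.
$adapters = Get-NetAdapter -IncludeHidden

$report = foreach ($a in $adapters) {
    # Classify each adapter from the flags Windows itself reports.
    $kind = if ($a.Hidden) { 'Hidden' } elseif ($a.Virtual) { 'Virtual' } else { 'Physical' }

    [pscustomobject]@{
        Name        = $a.Name                   # name shown in Wireshark's interface list
        Kind        = $kind                     # hypothetical label, not a Windows field
        Status      = $a.Status                 # Up, Disconnected, Not Present, ...
        Description = $a.InterfaceDescription   # driver / tunnel type
        # Assumption: Npcap names capture devices \Device\NPF_{InterfaceGuid}
        NpcapDevice = "\Device\NPF_$($a.InterfaceGuid)"
    }
}

# Full picture, grouped by kind.
$report | Sort-Object Kind, Name | Format-Table -AutoSize -Wrap

# Short list: visible adapters that are currently up, i.e. the ones
# normally worth selecting for a capture.
$report |
    Where-Object { $_.Kind -ne 'Hidden' -and $_.Status -eq 'Up' } |
    Format-Table Name, Description, NpcapDevice -AutoSize
```

The NpcapDevice value can be matched against the numbered list printed by dumpcap -D to pick the right interface for a command-line capture.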

I found this explanation on the web:

Windows makes several "simulated" network adapters for various purposes. For example, if you're on an IPv4-only network, but you want to connect to an IPv6 computer on the internet, Windows can create a simulated network adapter that tunnels the IPv6 traffic through your IPv4 network.

There are actually quite a few of these simulated network adapters. Since they usually quietly take care of themselves, and they don't correspond to any actual network hardware that you (the end-user) can see or touch, Windows will hide them by default, to avoid clutter.

Now suppose Windows just started numbering all the adapters with the same naming scheme ("Ethernet 1", "Ethernet 2", "Ethernet 3", . . ., etc.). Then by the time you actually install your actual NIC, it would probably get a name like "Ethernet 7". But since Windows hides the first 6 network interfaces, you'd see a listing that only includes one NIC: "Ethernet 7". And you'd probably say "stupid Windows doesn't know how to count."

So instead, we have two numbering schemes. Real, physical NICs get numbered "Ethernet ###" (or "Wi-Fi ###", etc.) while all the hidden network adapters get "Local Area Connection* ###". That way, the NICs that you see will be numbered starting from 1, even though there are a big pile of hidden network interfaces that were installed first.

What does the asterisk mean? The asterisk used to be the signal that the NIC was a hidden NIC. Older versions of Windows named all visible NICs "Local Area Connection ###", and hidden ones were distinguished by adding an extra asterisk. These days, we try to avoid using nerdy jargon like "Local Area Connection" when talking to you, so we changed the naming pattern to "Ethernet". But since hidden NICs don't matter, we kept their old naming pattern with the asterisk.

Personally, I feel Wireshark should optionally hide these interfaces, especially to help beginners visually focus on the actual connected interfaces they would want to do captures on.

You can also view these adapters through Device Manager in Windows 10: click the Windows button, start typing "device manager" and select Device Manager. Here is the "path": Control Panel > System > Device Manager > View > Show Hidden Devices > Network adapters

Then look at Network Adapters (here is mine), and make sure you select View > Show hidden...

[Screenshot: Device Manager, Network adapters with hidden devices shown]


I hope this little tip helps you.
