I’ve been asked quite a few times to help with network issues, and my FAVORITE tool for protocol problem detection is Wireshark.
I’m going to write this tutorial to instruct folks how to run the tool. Hopefully it’ll come as a handy reference.
And, if you’re at all curious about what’s going on inside your network, this tool will show it to you.
First, install Wireshark on the server that is sharing your media (this is for Windows / Linux Workstations, not NAS.) Wireshark is a tool available HERE. When I started in this business, “Sniffer” software cost THOUSANDS of dollars per year to own. This is much better, and it is FREE.
Follow the installation instructions located on that website.
When all is installed and ready, follow these steps:
Shut down ANY OTHER network applications (Browsers, E-mail, ANYTHING that is using the network except for the server itself) and RUN Wireshark.
Select CAPTURE / INTERFACES:
Find the line that lists your ACTIVE ETHERNET INTERFACE. On my example, it’s pretty obvious, since I only have a single interface. Click START, and you’ll be returned to the main window, which may now start to get very busy with “Packets” being displayed:
If you’re at all curious, what *I* see immediately in the window are: Spanning Tree packets coming from my Verizon FiOS ActionTec router (every 2 seconds), some FiOS DVR traffic, the yellow packets are NetBios NAME adverts for a server called NEPTUNE, and some Windows 7 DLNA Media Server traffic.
Go to your WD and REBOOT it.
Wait about 1 minute after the reboot, then go to the NETWORK SETTINGS screens and note the IP address of the WDTV.
Select the NETWORK SHARES icon (the one that doesn’t work.
Go back to your PC and do CAPTURE / STOP.
Do FILE / SAVE and save the file to your computer. If I’m working with you on an issue, I’ll ask you to send it to me via FTP to one of my servers.
For the sake of discussion, let’s look at how the WDTV discovers WINDOWS Shares.
In the Filter box at the top, type “browser” (without quotes) and click APPLY.
This will now display only Browser-related SMB Protocol packets. SMB is the protocol by which the WDTV (and Windows computers) talk to each other, and Browser packets are how the systems discover one another on the network.
Now we see, in order:
Packet 2 says “LS-FRONT” is the Master Browser. You can’t see it on this screen, but it also says it’s the Master for a domain called “ROUTERS.” I keep my routers (which are DLNA servers) in their own group.
Packet 3 is from the same router, LS-FRONT, advertising the EXISTENCE of a Workgroup named ROUTERS.
Packet 31 is a host called SATURN making itself known.
Packet 215, 790, 5616 and 6563 are all from a router called LS-BACK advertising itself to the workgroup
Packet 1430 is a host called NEPTUNE making itself known. Neptune is actually the server that’s running WIRESHARK.
Packet 5764 is “WDTVLIVEMB” advertising itself after bootup.
Packet 6565 is the MASTER BROWSER advertisement from my NAS, BIGNAS1
Packet 6566 is also from BIGNAS1, advertising the Workgroup “WORKGROUP.”
Note: The server capturing this data, NEPTUNE is NOT the Master Browser. If it were, we’d see LOTS more data, because the Master is, well, the Master of the workgroup.
Note that these packets are all “Broadcasts.” They are visible to EVERY SYSTEM on the network (the address 10.0.0.255 means “All IP Hosts on network 10.0.0.0/24”)
This is all NORMAL. This is how things should work. The masters are advertising themselves, and the PCs and WDTV are making themselves known and everyone’s happy. In the next post, I’m going to FORCE my server to be the Master Browser so we can see the additional detail. I’m going to do this by SHUTTING OFF Every other server. Hopefully, when I start things back up, they don’t “Steal” the browser status away from it.