I'm running Server 2022 and have a SET TEAM set up for my VMs. Previously, I've installed Wireshark on our DHCP VM without issues, but now I'm facing a situation with our SQL production app. A vendor has asked me to use Wireshark to troubleshoot the app that keeps crashing. Is it advisable to install Wireshark directly on our SQL VM, or should I go for a different setup like using a separate VM with port mirroring? Any suggestions would be greatly appreciated!
2 Answers
You can actually do packet captures on Windows without installing anything! Check out the link I found. After capturing, just convert it to Wireshark format with etl2pcapng, and you can open it right in Wireshark.
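As an added example (not part of the answer above, and not Microsoft's or the Wireshark project's own code), this is what the install-free capture looks like on the SQL VM itself, using the built-in netsh trace provider and then converting the .etl file with etl2pcapng. The paths, the circular-buffer size and the tool location are assumptions; adjust them to your environment.

```powershell
# Added example: built-in packet capture on Windows Server 2022, no install, no reboot.
# Run in an elevated PowerShell session on the VM you want to observe.
# C:\Temp, the 512 MB buffer and the etl2pcapng.exe path are assumptions.

$Etl      = 'C:\Temp\sqlcap.etl'
$Pcap     = 'C:\Temp\sqlcap.pcapng'
$Etl2Pcap = 'C:\Tools\etl2pcapng.exe'   # assumed location of the converter
New-Item -ItemType Directory -Path 'C:\Temp' -Force | Out-Null

# Start capturing. fileMode=circular with maxSize keeps the file bounded, so the
# capture can run all day while waiting for the crash without filling the disk.
# report=disabled skips the slow diagnostic-report generation at stop time.
netsh trace start capture=yes "tracefile=$Etl" maxSize=512 fileMode=circular overwrite=yes report=disabled

# Leave the trace running until the problem reproduces, then stop it.
Read-Host 'Press Enter once the application has crashed to stop the capture'
netsh trace stop

# Convert the ETL to pcapng so it opens directly in Wireshark on another machine.
if (-not (Test-Path $Etl2Pcap)) {
    throw "etl2pcapng.exe not found at $Etl2Pcap (download it from Microsoft's GitHub release page)"
}
& $Etl2Pcap $Etl $Pcap
Get-Item $Pcap | Select-Object FullName, Length, LastWriteTime
```

Because the conversion and analysis happen on a different host, the production VM only ever runs the built-in tracing provider; copy the .pcapng off the server and open it in Wireshark there. If the crash is intermittent, the circular buffer means you only keep the last few hundred megabytes, so stop the trace promptly after the event.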
For monitoring, it's generally better to set up a dedicated VM for PCAP capturing using port mirroring rather than installing Wireshark directly on your production SQL server. This method is safer and less likely to affect performance. You could use another Windows server with Wireshark or a lightweight Linux VM with tcpdump. Keep in mind that enabling mirroring might slow down your SQL server slightly, but it’s definitely less risky than running Wireshark directly. Also, I think the initial Wireshark installation requires a reboot due to npcap, which can be inconvenient. If you're using a reverse proxy, you might also capture traffic inline if that’s an option for you.
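The port-mirroring setup described in this answer, as an added example (not the answerer's code): on a Hyper-V host, mirroring is configured per virtual NIC from PowerShell, so the capture VM can see the SQL VM's traffic without anything being installed on the production server. The VM names SQL-PROD and CAP-01 are placeholders, and the example assumes both VMs sit on the same virtual switch backed by your SET team.

```powershell
# Added example: mirror a production VM's vNIC to a dedicated capture VM on Hyper-V.
# Run in an elevated PowerShell session on the Hyper-V host, not inside the VMs.
# 'SQL-PROD' and 'CAP-01' are placeholder VM names; both must be on the same vSwitch.

$Source      = 'SQL-PROD'   # production VM whose traffic you need to see
$Destination = 'CAP-01'     # capture VM (Windows + Wireshark or Linux + tcpdump)

# Sanity check: mirroring only works between adapters on the same virtual switch.
$src = Get-VMNetworkAdapter -VMName $Source
$dst = Get-VMNetworkAdapter -VMName $Destination
if ($src.SwitchName -ne $dst.SwitchName) {
    throw "$Source is on '$($src.SwitchName)' but $Destination is on '$($dst.SwitchName)'"
}

# Every frame the SQL VM sends or receives is copied to the capture VM's vNIC.
Set-VMNetworkAdapter -VMName $Source      -PortMirroring Source
Set-VMNetworkAdapter -VMName $Destination -PortMirroring Destination

# Confirm the modes took effect before starting Wireshark/tcpdump inside CAP-01.
Get-VMNetworkAdapter -VMName $Source, $Destination |
    Select-Object VMName, SwitchName, PortMirroringMode

# Inside the capture VM you would then run, for example (Linux):
#   sudo tcpdump -i eth0 -w /tmp/sql.pcap 'tcp port 1433'
# or start Wireshark on the mirrored interface on Windows.

# When the troubleshooting window ends, switch mirroring off on both VMs so the
# host stops duplicating frames and the capture VM no longer receives production traffic.
Set-VMNetworkAdapter -VMName $Source, $Destination -PortMirroring None
```

Two points worth keeping in mind: the mirrored copy is made by the virtual switch on the host, which is where the slight overhead the answer mentions comes from, and the capture VM now holds a copy of production database traffic, so treat its disk and access the same way you treat the SQL server's.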
Just a heads up, you usually don't need to reboot after installing Wireshark and npcap, although they recommend it. I’ve run it fine without a reboot before.
Thanks for the insight! I might disable port mirroring if it creates issues. I'm currently in my maintenance window and will give it a shot.
This is intriguing! We've noticed our app crashing randomly, mostly in the mornings, and it’s concerning since other VMs and devices seem fine. I’ll try keeping this running all day until the issue pops up. I’ve also had trouble with Wireshark, where it becomes unresponsive even after a stop command. Any tips on that?