I am trying to capture multicast traffic via Wireshark (actually TShark); however, the switch has IGMP snooping enabled and will only send multicast traffic on the ports that have an active IGMP subscription.
I am currently getting around this by having a separate application hold the groups open I wish to record, but I am trying to set up a system to start/stop recording data dynamically and this extra complexity is painful.
Is there a way to force Wireshark to send out IGMP subscriptions for multicast groups it is recording?
Best Answer
You can use "ip maddr add" to subscribe to additional groups. That should cause the kernel to respond to IGMP queries and receive traffic for them.
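
An added example, not part of the original answer: rather than `ip maddr add`, it uses a socket-level join (IP_ADD_MEMBERSHIP) to hold the IGMP memberships open for exactly as long as TShark is recording, so recording can be started and stopped from one call. Linux is assumed; the function names are hypothetical, and the interface name, local address, groups and output file are constructed placeholders.

```python
import contextlib
import ipaddress
import socket
import subprocess


def build_mreq(group: str, iface_ip: str = "0.0.0.0") -> bytes:
    """Pack a struct ip_mreq: group address followed by local interface address."""
    addr = ipaddress.IPv4Address(group)
    if not addr.is_multicast:
        raise ValueError(f"{group} is not an IPv4 multicast address")
    return socket.inet_aton(str(addr)) + socket.inet_aton(iface_ip)


@contextlib.contextmanager
def joined(groups, iface_ip="0.0.0.0"):
    """Hold IGMP memberships open for the lifetime of the with-block."""
    mreqs = [build_mreq(g, iface_ip) for g in groups]  # validate before joining
    # The socket is never bound, so no datagrams queue up on it.
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        for mreq in mreqs:
            # The kernel sends the membership report and answers IGMP queries.
            # Linux caps joins per socket (net.ipv4.igmp_max_memberships).
            sock.setsockopt(socket.IPPROTO_IP, socket.IP_ADD_MEMBERSHIP, mreq)
        yield sock
    finally:
        sock.close()  # closing the socket drops the memberships


def tshark_cmd(iface, groups, outfile):
    """Build the tshark argv with a capture filter limited to the joined groups."""
    bpf = " or ".join(f"dst host {g}" for g in groups)
    return ["tshark", "-i", iface, "-f", bpf, "-w", outfile]


def record(iface, iface_ip, groups, outfile, seconds):
    """Join the groups, capture for `seconds`, then leave them."""
    with joined(groups, iface_ip):
        cmd = tshark_cmd(iface, groups, outfile) + ["-a", f"duration:{seconds}"]
        return subprocess.run(cmd, check=False).returncode


if __name__ == "__main__":
    # Constructed sample values: replace with the real interface, its address and groups.
    record("eth0", "192.0.2.10", ["239.1.2.3", "239.1.2.4"], "mcast.pcapng", 60)
```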