On Tue, 01 Aug 2000 10:27:45 you wrote:
>
> Hi,
>
> I have ethereal 0.8.2 installed on an AIX 4.3.3.0-02 system, with
> bos.rte.tty at 4.3.3.16.
>
> Ethereal works fine for the case where I have it installed on machine A,
> and capture packets being sent between machines B and C (all aix boxes).
> What doesn't appear to work is the case where I have ethereal on machine A
> and packets being sent between machine A and machine B (or machine C for
> that matter). Ethereal will capture the packets being sent TO machine A but
> will not capture packets being sent FROM machine A. I am using a network
> benchmark utility that generates consistent sized messages, and if I run a
> test to send data from A to B with A running ethereal, I will only see the
> ACK packets going from B to A. If I run the same test, but run ethereal on
> B, I see only the data packets going from A to B. If I use iptrace to
> capture raw network data and display with ethereal, I can see the whole
> transmission in both directions, no matter which machine I am capturing
> from.
>
> I have tried this in various combinations, with various filters (including
> none), and the behaviour is consistent: ethereal doesn't capture packets
> being sent from the machine it is running on.
>
> When I start a capture I get some warnings which I suspect are relevant:
> WARNING: DL_PROMISC_MULTI failed (recv_ack: promisc_multi error 0x3)
> WARNING: DL_PROMISC_SAP failed (recv_ack: promisc_sap error 0x3)
Indeed, the messages are relevant. What version of libpcap did you install?
Did you compile from source, or install a binary package (the question
is pertinent to both ethereal and libpcap)?
(And BTW, Ethereal can read iptrace files just fine, both iptrace 1.0 (AIX3)
and 2.0 (AIX4) )
--gilbert