Ethereal-users: Re: [ethereal-users] Capturing on Linux ATM interfaces

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Carl Klatsky <cklatsky@xxxxxxx>
Date: Fri, 18 Aug 2000 17:33:47 -0400
Just wanted to update you on what I tried.  Based on what you said about
the version of libpcap, I downloaded and built libpcap 0.5, and the
rebuilt ethereal.  When I did this and copied it over to my target
machine, from the capture dialogue box pull down menu, I could only
select eth0 and lo0.  This was weird.  I tried the ethereal version
built with libpcap 0.4, and the same thing happened with selecting
interfaces.  It seems only that the ethereal version built with libpcap
0.4a6 can see the ATM interfaces in the capture menu.

I tired to use tcpdump to capture a file from the ATM interfaces and
view it in ethereal, but I'm having problems with tcpdump on my target
machine.  Whenever I try to run tcpdump from the command line, I get a
segmentation fault.

Is there any other ethereal debugging I can try without tcpdump?  In the
meantime, I'll play around with tcpdump on my target machine and see if
I can get that to work.

Carl

Guy Harris wrote:
> 
> > I built it on a Linux box that did not have the ATM interface and copied
> > it over.  Would that make a difference?
> 
> The presence or absence of the interface on the machine on which you
> build Ethereal should, in and of itself, make no difference whatsoever.
> 
> The version of libpcap you have on that machine, however, might make a
> difference - but I wouldn't expect Ethereal to fail in that particular
> fashion in that case, I'd expect it to fail with "The capture session
> could not be initiated".
> 
> Try using tcpdump to capture traffic on the ATM interface, using the
> "-w" flag to send the raw capture data to a file (we want the raw
> capture data, *not* the text that tcpdump prints by default, here), and
> then try to use Ethereal to read the capture file; if it fails, run
> tcpdump with a "-r" flag, reading from the capture, to make sure it
> doesn't have anything in it you don't want to leave your site, and then
> send a copy to this list so we can figure out why Ethereal can't read
> it.

-- 
|Carl Klatsky	    |Ph:     732.530.4471     |
|3NO Systems, Inc.  |Fax:    732.530.2110     | 
|http://www.3no.com |E-mail: cklatsky@xxxxxxx |