On Wed, Nov 22, 2000 at 01:16:05PM -0500, CO Group Webmaster wrote:
> Hi. I have a simple question before I download and install everything I
> need to run Ethereal. Assuming I install Ethereal on a certain PC, can I
> capture all the inbound AND OUTBOUND traffic to/from that same PC? I am
> asking because I tried the LanSleuth software and I can't seem to get it to
> capture traffic that is coming OUT of the same PC that it's installed on.

Whether Ethereal will be able to capture outbound traffic may depend on
why LanSleuth apparently can't do so.

If it can't do so because the driver they (presumably) supply to get at
raw network traffic can't do so, Ethereal may be able to do so; I've
certainly been able to see outgoing traffic on Windows NT, so maybe the
folks at the Politecnico di Torino are cleverer than the folks at SSI.
:-)

If, however, it can't do so because the *network card driver* doesn't
supply outgoing packets to drivers that plug into the network card
driver, it may be that Ethereal will be as unsuccessful as LanSleuth is
- and it may be that other packet analyzers will be equally
unsuccessful. (Allowing incoming packets to be seen, on a number of
OSes, may merely require that whatever mechanism is doing the packet
tapping arrange to have all incoming packets sent to it; allowing
outgoing packets to be seen requires that, somewhere in the process of
the packet being sent, some piece of code know that this packet needs to
be handed to that mechanism, which may be less obvious.)
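
A way to check a saved capture for the symptom discussed in this thread, as an added example that is not part of the original message or of Ethereal: it reads a classic libpcap file and counts Ethernet frames sent by and addressed to the capturing host's MAC address. The function names, MAC addresses and sample capture are constructed for illustration.

```python
import struct

def direction_counts(pcap_bytes, local_mac):
    """Classify Ethernet frames in a classic pcap relative to local_mac."""
    if len(pcap_bytes) < 24:
        raise ValueError("truncated pcap global header")
    magic = struct.unpack("<I", pcap_bytes[:4])[0]
    if magic == 0xA1B2C3D4:
        endian = "<"            # written on a little-endian host
    elif magic == 0xD4C3B2A1:
        endian = ">"            # written on a big-endian host
    else:
        raise ValueError("not a classic (microsecond) pcap file")
    if struct.unpack(endian + "I", pcap_bytes[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (linktype 1) are handled")
    counts = {"outbound": 0, "inbound": 0, "other": 0}
    off = 24
    while off + 16 <= len(pcap_bytes):
        caplen = struct.unpack(endian + "I", pcap_bytes[off + 8:off + 12])[0]
        frame = pcap_bytes[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 12:
            counts["other"] += 1          # too short to hold both MACs
        elif frame[6:12] == local_mac:    # source MAC is ours
            counts["outbound"] += 1
        elif frame[0:6] == local_mac:     # destination MAC is ours
            counts["inbound"] += 1
        else:
            counts["other"] += 1          # broadcast, multicast, third parties
    return counts

def outbound_missing(counts):
    """True when the capture shows the symptom: traffic in, nothing out."""
    return counts["inbound"] > 0 and counts["outbound"] == 0

# Constructed sample data (locally administered MACs, not real hosts).
LOCAL = bytes.fromhex("020000000001")
PEER = bytes.fromhex("020000000002")

def sample_pcap(frames, endian="<"):
    """Build a classic pcap holding the given frames."""
    out = struct.pack(endian + "IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack(endian + "IIII", 0, 0, len(f), len(f)) + f
    return out

def eth(dst, src):
    return dst + src + b"\x08\x00" + b"\x00" * 46   # padded IPv4 frame
```

Generate some traffic from the capturing host while the capture runs, then pass the saved file's bytes and that host's MAC address to `direction_counts`; if `outbound_missing` returns True, the tap is not being handed transmitted packets.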