Anthony -
Aren't your pings from the system running ethereal?
- jeff parker
- axiowave networks
- The man who is denied the opportunity of taking decisions of importance
- begins to regard as important the decisions he is allowed to take.
> -----Original Message-----
> From: Guy Harris [mailto:gharris@xxxxxxxxx]
> Sent: Thursday, July 05, 2001 3:53 PM
> To: Anthony Abby
> Cc: ethereal-users@xxxxxxxxxxxx
> Subject: Re: [Ethereal-users] Ethereal Tutotial Follow-on
>
>
> On Thu, Jul 05, 2001 at 12:43:07PM -0700, Anthony Abby wrote:
> > I can see lots of ARP, BROWSER, and DNS packets being
> > captured off the line,
>
> With the exception of the DNS packets, those tend to be broadcast
> packets, so this sounds like a promiscuous-mode or switched-network
> issue.
>
> > but I do not see any packets
> > being capture related to http/smtp/pop
>
> Those are TCP-based protocols, so those packets aren't broadcast
> packets.
>
> > When I started the packet sniffing I had selected to
> > capture in promiscuous mode and didn't receive an
> > error, although I'm not sure I would or not if my NIC
> > will not support promiscuous mode.
>
> 1) It's conceivable that the NIC doesn't support promiscuous mode, or
> that the driver doesn't enable it, but if it's an Ethernet
> interface,
> that's *probably* not the problem.
>
> 2) Due to a bug in Ethereal 0.8.18, if, in that version, you do an
> "Update list of packets in real time" capture, it won't run in
> promiscuous mode, even if you've selected it, unless Ethereal is
> explicitly configured to do promiscuous captures by default.
>
> To configure it to do promiscuous captures by default, do a
> promiscuous-mode capture, stop the capture, select the
> "Preferences"
> item under the "Edit" menu, and click "Save", and then
> exit Ethereal.
>
> 3) Even if promiscuous mode *is* enabled, if you're on a switched
> network (note that some "hubs" are, in fact, switches), a machine
> running on one port probably won't see any unicast traffic
> other than
> traffic to or from that machine.
>
> To get around that, you'd have to set up the port into which the
> machine running Ethereal (or any *other* packet analyzer; that
> problem isn't specific to Ethereal) is plugged so that traffic on
> other ports is "mirrored" to that port. Not all switches
> necessarily
> support that type of "port mirroring", and the way it's done is
> dependent on the switch - I don't know how to configure any
> particular switches to do that, you'd have to check the
> documentation
> for the switch.
>
> _______________________________________________
> Ethereal-users mailing list
> Ethereal-users@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/ethereal-users
>