Yup, you're right about 2.2. I got my first copy from some other site
because the main site was down. But now it's up again, and 2.2 works.
Speaking of Code Red, there is now a fairly new security tool at
http://www.microsoft.com/technet/mpsa/start.asp. This will scan your NT or
2000 computer for security vulnerabilities. Check it out. Just thank Bill
for his Windows admin full employment plan.
-----Original Message-----
From: Guy Harris [mailto:guy@xxxxxxxxxx]
Sent: Wednesday, September 26, 2001 5:19 PM
To: John Lau
Cc: ethereal-users@xxxxxxxxxxxx
Subject: Re: [Ethereal-users] installing ethereal-setup-0.8.19.exe on
Windows 2000 Professional computer
> I tried to install ethereal-setup-0.8.19.exe on my Win2k prof computer.
> WinpCap 2.2 does not work. You need to go to
> http://microsystems.homestead.com/sniffer.html and get the
> Analyzer_package.zip file which contains WinpCap 2.1. When I uninstalled
> WinpCap 2.2 and then installed WinpCap 2.1, Ethereal worked!
And when I installed WinPcap 2.2 on my W2K Professional machine here,
Ethereal worked just fine.
We have no reason to believe, therefore, that Ethereal requires WinPcap
2.1. Your 2.2 may have been misinstalled, or there may be some problem
on your machine that keeps it from working with any capture program.
> One thing I noticed that may be a problem.
>
> I'm trying to use Ethereal to test whether SSL is working on my web site.
> So I went to BankOne's site at http://www.bankone.com/ and tried to logon to
> their Online banking thinking they would use SSL. I used Ethereal to
> capture the packets so I could compare their packets to my packets. Well,
> this worked, except that when I stopped the capture, my Norton virus program
> told me it had quarantined the CodeRed Worm in a file called
> "etherXXXXa01884"!!!
Well, if there was a Code Red attack going on while you were doing the
capture, the capture might well contain a string that might also be in
the Code Red program, if that's what the virus program looks for.
Or perhaps the signature for which it looks is sufficiently non-specific
that legitimate network traffic could look like a signature to it.
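
Added example (not part of the original messages and not Ethereal or antivirus vendor code): a content-blind byte-signature check flags a capture file because the packet payload is stored verbatim, while a format-aware triage step can report which stored packet holds the bytes. It assumes the temporary capture file is in libpcap format; the marker string, the function names and the sample packets are constructed for illustration.

```python
import struct

# Assumed marker: the opening bytes of a Code Red request. The signature the
# poster's antivirus actually matched is not stated in the thread.
SIGNATURE = b"GET /default.ida?NNNNNNNN"
PCAP_LE, PCAP_BE = b"\xd4\xc3\xb2\xa1", b"\xa1\xb2\xc3\xd4"
FAKE_HEADERS = b"\x00" * 54  # constructed stand-in for Ethernet/IP/TCP headers


def build_pcap(payloads):
    """Build a minimal little-endian libpcap file from constructed payloads."""
    blob = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for payload in payloads:
        frame = FAKE_HEADERS + payload
        blob += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return blob


def naive_scan(blob):
    """Content-blind check: flag any file that contains the byte string."""
    return SIGNATURE in blob


def packets(blob):
    """Yield each stored packet from a libpcap blob of either byte order."""
    order = "<" if blob[:4] == PCAP_LE else ">"
    offset = 24  # skip the global header
    while offset + 16 <= len(blob):
        incl_len = struct.unpack_from(order + "IIII", blob, offset)[2]
        offset += 16
        yield blob[offset:offset + incl_len]
        offset += incl_len


def triage(blob):
    """Return (verdict, packet indexes holding the marker)."""
    if not naive_scan(blob):
        return ("clean", [])
    if blob[:4] in (PCAP_LE, PCAP_BE):
        hits = [i for i, pkt in enumerate(packets(blob)) if SIGNATURE in pkt]
        return ("capture-data", hits)
    return ("match", [])


if __name__ == "__main__":
    quiet = build_pcap([b"GET /index.html HTTP/1.0\r\n\r\n"])
    noisy = build_pcap([b"GET /index.html HTTP/1.0\r\n\r\n",
                        SIGNATURE + b" HTTP/1.0\r\n\r\n"])
    print(triage(quiet), triage(noisy))
```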