Ethereal-users: Re: [Ethereal-users] Absolute Newbie: Capture incredibly slow

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>
Date: Sun, 7 Oct 2001 13:01:43 -0700
On Sun, Oct 07, 2001 at 09:49:08PM +0200, Bart wrote:
> I'm running Ethereal and Windump on Windows 2000 on an PPPoE-Connection
> (German Telekom ADSL-PPP, "Engel"-PPPoE-Drivers).
> It is even so slow, that my firewall (ZoneAlarm - I tried to to capture
> with firewall switched off as well with the same result) doesn't show
> any activity at all.
> When I try to load a webpage with IE5.5 with capturing enabled, it's
> loading for ages and finally I get error 500 "Internal Server Error".
> Please, does anyone have an idea what to do?
> With WinDump, I get the same error.

Which means it's probably a WinPcap problem.

>From the Ethereal FAQ:

	http://www.ethereal.com/faq.html#q3.10

"Q 3.10: I'm running Ethereal on Windows NT/2000; my machine has a PPP
(dial-up POTS, ISDN, etc.) interface, and it shows up in the "Interface"
item in the "Capture Preferences" dialog box.  Why can no packets be
sent on or received from that network while I'm trying to capture
traffic on that interface?

A: WinPcap doesn't support PPP WAN interfaces on Windows NT/2000; one
symptom that may be seen is that attempts to capture in promiscuous mode
on the interface cause the interface to be incapable of sending or
receiving packets.  You can disable promiscuous mode using the -p
command-line flag or the item in the "Capture Preferences" dialog box,
but this may mean that outgoing packets, or incoming packets, won't be
seen in the capture."

> However, I have installed two
> different Packt Capture Drivers, WinPCap and the Paket2K Driver for
> WinDump.

The driver for WinDump *is* WinPcap's driver - the current version of
WinDump doesn't include its own driver, it relies on you having
installed WinPcap.

Sorry, WinPcap and PPP interfaces (probably including PPPoE interfaces)
simply don't work together:

	http://netgroup-serv.polito.it/winpcap/misc/faq.htm

"Q-4: Can I use WinPcap on a PPP connection?

A: We have tested WinPcap on PPP connections under Windows 95, Windows
98 and Windows ME.  In Windows 95, due to a bug in NDIS, WinPcap
sometimes resets the PPP connection.  In Windows 98/ME this bug appears
to be corrected, and WinPcap seems to work properly.  Under Windows NT
and Windows 2000 there are problems with the binding process, that
prevents a protocol driver from working properly on the WAN adapter."

You might simply have to abandon the idea of using Ethereal - or
WinDump, or any other libpcap/WinPcap-based application - on your PPPoE
connection.

You could try asking winpcap@xxxxxxxxxxxxxxxxxxxxxxx for help, but
they'll probably tell you the same thing I did.