Hi,
I'm a newbie to this program & sniffing in general.
I am using NT4.0, SP5 over a modem line at 42.6k, with WinPcap 2.2 and
Ethereal 0.8.20, on device NdisWan7. I am starting ethereal in capture
mode, promiscuous, real-time update.
What I am seeing are these two seemingly separate working processes, and
a third, non-working one:
1) After starting capture, I initiate the dialup connection and capture
24+ logon packets. Then capture appears to just stop.
2) I browse to a web page using Netscape 6.1; after starting the browser
request, I start capture and it appears to be capturing packets normally.
non-working
3) After starting capture, the browser, mail viewer and all other
internet functions time out as if my modem connection was dropped.
What I am seeing seems to differ from the response below, and at:
http://www.ethereal.com/lists/ethereal-users/200110/msg00049.html
"Jannis Kafkoulas" <kajannis@xxxxxx> <mailto:kajannis@xxxxxx> writes:
aferen@xxxxxxxxxxxx <mailto:aferen@xxxxxxxxxxxx> (Andrew C. Feren) schrieb am 28.09.01:
> Guy Harris <gharris@xxxxxxxxx> <mailto:gharris@xxxxxxxxx> writes:
>
> > On Thu, Sep 27, 2001 at 09:16:20PM -0700, Pierre Combes wrote:
> > > Is it possible to set Ethereal to capture packets from a modem card?
> >
> > Only if you're running SLIP or PPP over the modem line, i.e. if you're
> > using it for networking - and then it'll work only if the packet capture
> > mechanism on your machine supports capturing on SLIP or PPP links. (For
> > example, WinPcap on Windows NT/2000 doesn't support it.)
>
> Are you sure about that? I have done a capture with E
thereal, using
> WinPcap, on NT, on a modem. Either that or I was halucinating badly
> that night.
>
> Can't speak for 2000 though.
[ snip ]
Andrew,
That's what I thought too some weeks ago but I
remembered that I was using Win98 just before NT.
It works with Win98 but not with NT. That's for sure.
Are you sure yet you were using NT when it worked?
Sorry for the long delay, I've been kind of busy. I finally had a
chance to play with this yesterday.
I was able to do a capture with Ethereal 0.8.17 running on NT.
HOWEVER, closer inspection revealed that this should probably not be
deemed as "working". Lots of strange things happened (for example I
couldn't establish new TCP connections) until I stopped the capture.
0.8.18 and 0.8.19 simply failed to work at all.