Wireshark · Ethereal-users: Re: [Ethereal-users] Windows version not showing outgoing traffic

Ethereal-users: Re: [Ethereal-users] Windows version not showing outgoing traffic

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxx>

Date: Mon, 26 Nov 2001 12:38:33 -0800 (PST)

> I have also seen this behavior on my Windows ME machine. I assume this
> is a problem with ME and WinPcap.

His problem was that he was running 0.8.18, and doing an "Update list of
packets in real time" capture; a bug in 0.8.18 meant that, unless your
preferences file specified promiscuous mode, "Update list of packets in
real time" capture weren't done in promiscuous mode.

Non-promiscuous mode captures, at least with the version of WinPcap he
had, were seeing only incoming traffic, not outgoing traffic; I don't
know if this is because NDIS (at least on his OS) was behaving like DLPI
(at least on Solaris) and supplying outgoing packets only in promiscuous
mode (presumably because outgoing packets aren't being sent to the
machine running the NDIS or DLPI application, and thus could be
considered packets that wouldn't be seen if you aren't in promiscuous
mode), or because he was running WinPcap 2.02, which used the wrong
"packet filter" (in the NDIS sense, *NOT* in the BPF/libpcap sense) when
not running in promiscuous mode.

References:
- RE: [Ethereal-users] Windows version not showing outgoing traffic
  - From: Jeff Foster

Prev by Date: [Ethereal-users] file types for tethereal
Next by Date: Re: [Ethereal-users] capture filters for windows
Previous by thread: RE: [Ethereal-users] Windows version not showing outgoing traffic
Next by thread: [Ethereal-users] ENZILIMP - A solu��o correta contra � degrada��o ambiental
Index(es):
- Date
- Thread