Title: RE: [Ethereal-users] can't set filters on madge smart 16/4 pci token ring card. works ok if no capture filter set
Definitely 'all traffic'. A capture with no filter reveals a large amount of http traffic from multiple sources. At the time of the trace I am generating no http traffic from my machine. The purpose is to set up a server that will monitor all traffic in/out of the company. The point at which we are sniffing is a high traffic point just before data enters/leaves the company.
-----Original Message-----
From: Guy Harris [mailto:guy@xxxxxxxxxx]
Sent: Thursday, March 14, 2002 2:28 PM
To: Broggy, David
Cc: 'ethereal-users@xxxxxxxxxxxx'
Subject: Re: [Ethereal-users] can't set filters on madge smart 16/4 pci
token ring card. works ok if no capture filter set
On Thu, Mar 14, 2002 at 09:34:37AM -0600, Broggy, David wrote:
> Sorry for not being more specific. If I set no filter I can capture all
> traffic.
All traffic, or all traffic to and from your machine, but not any
traffic that is neither to nor from your machine? Check the capture
carefully.
> If I set a filter like 'port 80' to watch http no traffic is
> captured.
Is any HTTP traffic going to or from your machine at the time?
If not, and if, when you carefully check the captures you get with no
filter, you see only traffic to and from your machine, the problem is
probably that the driver for your card doesn't allow the card to go into
promiscuous mode. This is something about which Ethereal can do
nothing; you'd have to get a fix from whoever supplied the driver.
> I don't receive any errors from ethereal. The only default option
> I am changing is I turn off name resolution. I'm using version 0.9.1 of
> Ethereal.
If it's a promiscuous-mode problem, Ethereal isn't involved - it's an
innocent bystander. Ethereal depends on the libpcap/WinPcap library,
the WinPcap driver on Windows, and the device driver and networking code
in the OS, to do packet capture; it cannot do anything that those
other pieces of software do not allow it to do, and if an attempt to
turn promiscuous mode on doesn't get an error from that software, but
also doesn't turn promiscuous mode on, not only can Ethereal not do
anything about it, it can't even report the problem, as it doesn't know
there is a problem.
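
The check described in the thread (does an unfiltered capture hold any traffic that is neither to nor from the capturing machine?), as an added example that is not part of the original messages or of Ethereal. It assumes the capture was saved in the classic pcap file format with an Ethernet or Token Ring link type; the function names and the sample addresses are constructed for illustration.

```python
import struct

# linktype -> (offset of destination address, group bit in its first byte)
LINK_LAYOUT = {1: (0, 0x01),   # DLT_EN10MB (Ethernet)
               6: (2, 0x80)}   # DLT_IEEE802 (Token Ring, after AC and FC bytes)

def classify_capture(pcap, local_mac):
    """Count frames by whether they involve local_mac, a group address, or neither."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None:
        raise ValueError("not a classic pcap file")
    linktype = struct.unpack(endian + "I", pcap[20:24])[0]
    if linktype not in LINK_LAYOUT:
        raise ValueError("unsupported link type %d" % linktype)
    dst_off, group_bit = LINK_LAYOUT[linktype]
    counts = {"local": 0, "group": 0, "foreign": 0, "short": 0}
    pos = 24
    while pos + 16 <= len(pcap):
        incl_len = struct.unpack(endian + "I", pcap[pos + 8:pos + 12])[0]
        frame = pcap[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len
        if len(frame) < dst_off + 12:
            counts["short"] += 1      # truncated frame, addresses not available
            continue
        dst = frame[dst_off:dst_off + 6]
        src = bytearray(frame[dst_off + 6:dst_off + 12])
        if linktype == 6:
            src[0] &= 0x7F            # clear the Token Ring source-routing bit
        if local_mac in (dst, bytes(src)):
            counts["local"] += 1
        elif dst[0] & group_bit:
            counts["group"] += 1      # broadcast/multicast, seen without promiscuous mode
        else:
            counts["foreign"] += 1    # unicast between two other stations
    return counts

def build_pcap(linktype, frames):
    """Build a little-endian pcap from raw frames (used for the constructed sample)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

# Constructed sample: three Token Ring frames as seen by a non-promiscuous card.
LOCAL = bytes.fromhex("0000f6000001")
OTHER = bytes.fromhex("0000f6000002")
SAMPLE = build_pcap(6, [b"\x10\x40" + LOCAL + OTHER + b"req",
                        b"\x10\x40" + OTHER + bytes([0x80]) + LOCAL[1:] + b"rsp",
                        b"\x10\x40" + bytes.fromhex("c000ffffffff") + OTHER + b"bc"])
```

A `foreign` count of zero on a busy segment matches the symptom discussed above: only local and group-addressed frames reach the capture, so the card is probably not in promiscuous mode.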