Wireshark · Ethereal-users: Re: [Ethereal-users] Ethereal doesn't capture outgoing communication

Ethereal-users: Re: [Ethereal-users] Ethereal doesn't capture outgoing communication

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>

Date: Sun, 23 Feb 2003 12:43:52 -0800

On Sun, Feb 23, 2003 at 03:17:31PM +0200, Ruth Wasserman wrote:
> I installed Ethereal and for some reason when I run the capture it doesn't
> record the outgoing communication, only the ingoing.

On what operating system is this?

Are you capturing in promiscuous mode?

Ethereal doesn't include its own code to do packet capturing; it relies
on the libpcap/WinPcap library for that.  libpcap doesn't include code
to do packet capturing, either; it relies on the underlying UNIX's raw
packet capture mechanism.  WinPcap includes drivers to do that, but it
still depends on the Windows network card drivers and NDIS framework.

Thus, the behavior of packet capture depends on the OS you're using.  On
some OSes (such as Solaris), unless you capture in promiscuous mode you
won't see outgoing packets.  On some other OSes (such as HP-UX), you
might have to set a special flag in the OS to see outgoing packets.

References:
- [Ethereal-users] Ethereal doesn't capture outgoing communication
  - From: Ruth Wasserman

Prev by Date: Re: [Ethereal-users] Capture conversions
Next by Date: Re: [Ethereal-users] Capture conversions
Previous by thread: [Ethereal-users] Ethereal doesn't capture outgoing communication
Next by thread: [Ethereal-users] Capture conversions
Index(es):
- Date
- Thread