Hi,
I want to use Ethereal to record the DNS frames exchange by sniffing from a
Windows 2000 workstation connected to a Token-Ring LAN.
I have installed the last binary packages of Ethereal 0.9.11 and WinPcap
3.0 BETA.
I did try Ethereal without a capture filter and it worked well. Then, to avoid
recording too many packets, I did try using the capture filter "port 53" but
I could not capture anything.
I first did the trial with Ethereal using the GUI and then I tried using
Tethereal on a DOS box with the following command:
tethereal -f "port 53" and I got a message telling me the capture was started
"Capturing on \Device\NPF_{4D99DD04-CFB5-4973-BB80-602D8927503D}" but I
could not see any packets despite running several nslookup commands.
Note that I did exactly the same trials on another workstation running
Windows NT4 SP6 and got the same negative results.
I have checked the filter syntax with tcpdump on an AIX machine (tcpdump
-Ii en1 port 53) & it was fine...
Where does the problem come from? Is there a special syntax for recording DNS
packets? Do you think I need to compile WinPcap / Ethereal?
Thanks a lot for your help.
With kind regards
Pascal Chauffour