On Thu, Mar 20, 2003 at 12:11:47PM +0100, Pascal Chauffour wrote:
> I did try Ethereal without capture filter and it worked well.
Did it capture any unicast traffic (not broadcast and not multicast)
that was neither sent to the machine running Ethereal nor from the
machine running Ethereal?
> Then to avoid
> recording too many packets I did try using the capture filter "port 53" but
> I could not capture anything.
> I first did the trial with Ethereal using the GUI and then I tried using
> Tethereal on a DOS box with the following command:
> tethereal -f "port 53" and I got a message telling the capture was started
> "Capturing on \Device\NPF_{4D99DD04-CFB5-4973-BB80-602D8927503D}" but I
> could not see any packet despite running several nslookup commands.
Did you run nslookup *on the machine running Ethereal/Tethereal*? (I
assume the DNS server wasn't running on that machine.)
If not, then is the token-ring LAN switched?
If so, then does that mean that unicast traffic from one station on the
LAN to another station on the LAN can be seen by a third station on the
LAN? If not, that's the standard switching problem.
If the LAN isn't switched, is your interface a Madge token-ring
card? If so, it might have promiscuous mode disabled:
http://www.madge.com/_assets/downloads/lsshelp8.0/LSSHelp/AdvFeat/Promisc/Promisc2.htm