Ethereal-users: Re: [Ethereal-users] Ethereal bug

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Wed, 5 Nov 2003 12:03:40 -0800

On Nov 4, 2003, at 4:20 PM, Phant0m`` wrote:

  I’m an assistant of Look ‘n’ Stop Personal Firewall product, and recently had a user come forth and report on the official forum an anomaly with Ethereal 0.9.15c detecting accurate Interfaces when Look ‘n’ Stop GUI is running.

He is running:

- Ethereal 0.9.15c (as mentioned above)
- Microsoft Windows 98 Second Edition
- Dial-up (56k)
- WinPcap v3.01a

Well, the last two won't necessarily work together:

	http://winpcap.polito.it/misc/changelog.htm

"Version 3.0 beta, 10 feb 03

	...

	o	NdisWan support:
		o	due to the large number of messages reporting problems (blue screens) with VPNs, PPTP and such connections, we have disabled the support for NdisWan adapters. As a consequence, it is not possible to capture from PPP (neither NdisWanIp, nor NdisWanBh, nor NdisWanBfIn/Out...). At the moment we have no plans to fix the problem with VPNs, PPTP, PPP unless we get a generous sponsorship."

More Details:

Look ‘n’ Stop Personal Firewall uses Emulated Drivers for Interfaces. When Look ‘n’ Stop GUI isn’t running, Ethereal 0.9.15c sees "PPP Adapter.: PPPMAC"; when Look ‘n’ Stop GUI is running, it shows "Unknown: PPPMAC".

The emulated drivers might not work with WinPcap.

Do you believe updating Ethereal 0.9.15c to Ethereal 0.9.16 will fix this user's anomaly?

I don't believe that any change to Ethereal whatsoever will fix this problem, as it's almost certainly a WinPcap issue. Ethereal does not include any code to get network interfaces to capture packets; it relies on libpcap/WinPcap, and the OS facilities it uses, to do that.

I suspect that if they tried using WinDump they'd see similar problems, which would mean that it's a WinPcap issue.

If not, then how to proceed to fix this anomaly to use Ethereal when Look ‘n’ Stop Personal Firewall is running?

Ask the WinPcap developers:

	http://winpcap.polito.it/contact.htm