Wireshark · Ethereal-users: Re: [Ethereal-users] Trouble w/ Capture ipsec Traffic Using SSH Sentinel on WinXP

Ethereal-users: Re: [Ethereal-users] Trouble w/ Capture ipsec Traffic Using SSH Sentinel on WinX

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxxxx>

Date: Sun, 14 Dec 2003 13:02:37 -0800

On Sun, Dec 14, 2003 at 01:38:56PM -0500, Mike McCandless wrote:
> When I run the Ethereal capture, I select the SSH Virtual NIC as the
> interface.  Problem is, the only traffic I see is a couple of ARP packets.
> I know there is more going on.  I'm guessing there is some option that tells
> Ethereal to capture/display the AH, ESP, ISAKMP, etc. traffic.

Ethereal captures everything libpcap captures, and nothing it doesn't
capture; libpcap captures everything the underlying OS's packet capture
mechanism give it, and nothing else.  The only option libpcap offers is
promiscuous mode vs. non-promiscuous mode, and that's usually the only
option the underlying OS's packet capture mechanism offers.

So it's probably an issue of what traffic is supplied to PF_PACKET
sockets bound to the virtual NIC (PF_PACKET sockets being the underlying
OS packet capture mechanism on 2.2 and later Linux kernels).  That's a
Linux networking issue; you might want to ask the SSH Sentinel people
about that.

References:
- [Ethereal-users] Trouble w/ Capture ipsec Traffic Using SSH Sentinel on WinXP
  - From: Mike McCandless

Prev by Date: Re: [Ethereal-users] (no subject)
Next by Date: [Ethereal-users] 'data matches regexp' filter doesn't work ;(
Previous by thread: [Ethereal-users] Trouble w/ Capture ipsec Traffic Using SSH Sentinel on WinXP
Next by thread: [Ethereal-users] 'data matches regexp' filter doesn't work ;(
Index(es):
- Date
- Thread