On Mon, Jul 12, 2004 at 01:49:41PM +0200, Thomas Andlauer wrote:
> My problem with Ethereal is that when I do not use any filter everything is
> Ok and the capture works fine, but when I use a filter during capture, even
> a simple "tcp" filter, Ethereal doesn't filter incomming traffic.
> I tried with "host <my ip>" too, but the problem is the same, with firewall
> disable or not, on Windows 98 and Windows XP pro.
>
> My internet connection is an ADSL connection with a USB modem.
That's probably going to look like a PPP device (PPPoE? PPPoA?), in
which case, on Windows, it's probably going to be handled, if you're
using WinPcap 3.1, by the Microsoft Network Monitor driver, at least on
Windows NT (including NT 5.1, a/k/a "Windows XP").
In that case, there might be a WinPcap bug - for captures handled by the
WinPcap driver, filtering should work, but there might be bugs in the
user-mode filtering done on captures handled by the Network Monitor
driver.
Try capturing with WinDump:
http://windump.polito.it/
and if you have the same problem with WinDump, report it as a bug to the
WinPcap developers:
http://winpcap.polito.it/contact.htm