Wireshark · Ethereal-users: [Ethereal-users] Ethereal Not Capturing All Packets

Ethereal-users: [Ethereal-users] Ethereal Not Capturing All Packets

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Christopher Collins" <ccollins@xxxxxx>

Date: Thu, 12 Aug 2004 12:06:39 -0300

Ethereal v0.10.4

WinPCAP v3

Is anyone else experiencing problems with Ethereal not capturing all traffic?

We attempted to capture data on a 100Mbps net and only after running TCPDump on the server in question were we able to determine that Ethereal was not capturing all the data.

Description of Scenario based on Ethereal trace

Client would send a DHCP Discovery packet to the DHCP server
DHCP server would respond between 30-120 times with a DHCP Offer
Client would accept DHCP offer with a DHCP Request
DHCP server would respond between 30-120 times with a DHCP Ack

This was captured using multiple versions of Ethereal on various points in the network.

Description of Scenario based on TCPDUMP trace

Client would send between 30-120 DHCP Discovery packets to the DHCP server
DHCP server would respond between 30-120 times with a DHCP Offer
Client would accept DHCP offer with between 30-120 DHCP Requests
DHCP server would respond between 30-120 times with a DHCP Ack

As you can see, Ethereal was not displaying the whole picture. One capture looks like a server problem, while a complete capture looks like a looping or bridging problem.

Follow-Ups:
- Re: [Ethereal-users] Ethereal Not Capturing All Packets
  - From: Guy Harris

Prev by Date: Re: [Ethereal-users] Need Help
Next by Date: RE: [Ethereal-users] Getting "(ethereal.exe:3736): Gtk-CRITICAL **:
Previous by thread: Re: [Ethereal-users] capturing 802.11b management frames
Next by thread: Re: [Ethereal-users] Ethereal Not Capturing All Packets
Index(es):
- Date
- Thread