Ethereal-users: Re: [Ethereal-users] Missing 50% of packets

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Guy Harris" <gharris@xxxxxxxxx>
Date: Mon, 16 Aug 2004 12:47:08 -0700 (PDT)

Jack Nerde said:
> Hardware in use:
> IBM ThinkPad T40 w/Intel Pro/1000 MT

Running what version of what OS (if it's Linux, give the kernel version
*and* distribution name and version) and, if it's Windows, what version of
WinPcap?

> The scenario: I have the above noted laptop and an IBM desktop connected
> via a switch. Ethereal is running on the laptop. A piece of software is
> running on laptop, listening on a socket and receiving incoming packets. A
> different program runs on the desktop and sends packets to that port
> (using TCP).
>
> I have the following capture filter in use "host a.b.c.d" (where a.b.c.d is
> the IP address of the desktop).
>
> When I do this using ethereal 10.5a, no problem, I capture everything.
> When I do this using ethereal 10.6 ... it only captures packets in 1
> direction (incoming).

I.e., you have 0.10.5a and 0.10.6 both installed on the machine, and if
you run 0.10.5a and 0.10.6 with the *same* options (same interface, same
setting of the promiscuous-mode flag), 0.10.5a sees incoming and outgoing
packets but 0.10.6 sees only incoming packets?  (Presumably the outgoing
packets for the application in question are all ACKs.)

> If I reverse the programs, so that the Laptop is sending packets to the
> Desktop (but I still run ethereal on the laptop), then ethereal only seems
> to capture outgoing packets.

So, if you run 0.10.5a and 0.10.6 with the same filter, 0.10.5a sees
incoming and outgoing packets and 0.10.6 sees only outgoing packets?