On Tue, 30 Nov 2004, Christopher W. Huffstutler wrote:
I am running rpcapd on my router. I have two PCs off this router that I
want to capture the data remotely. Both PCs can capture this remote data
using Analyzer or WinDump without problem, however, one PC will not capture
any remote packets using Ethereal (however it is able to capture local
adapter packets fine).
Here is the configuration of each computer:
PC 1 (Works Fine with everything):
Windows XP SP1
Ethereal 0.10.7
WinPCap 3.0 alpha3
PC 2 (Works Fine with everything EXCEPT Ethereal using rpcap):
Windows XP SP2
Ethereal 0.10.7
WinPCap 3.1 beta 4
I have tried downgrading PC 2 to WinPCap 3.0, but that didn't have any
effect. I also have Windows SP2 firewall disabled. Also, as I stated, I am
able to use rpcap on PC 2 with other programs fine (such as Analyzer and
WinDump).
Anyone else experiencing this?
I'm having similiar problems here:
Windows 200 SP4
Ethereal 0.10.8
WinPCap 3.1beta4
Windump 3.8.3beta
Windump runs perfect, Ethereal connects to the remote pcap, but I don't
get any packets.
Uri is: rpcap://192.168.32.143/prism0
Trace from W2K port unpriviledged to rpcap port 2002:
W2K sends:
00000000 00 08 00 00 00 00 00 08 00 00 00 00 00 00 00 00 ........
........
rpcapd answers:
00000000 00 88 00 00 00 00 00 00 ........
W2K sends:
00000010 00 03 00 00 00 00 00 06 70 72 69 73 6d 30 ........ prism0
rpcapd answers:
00000008 00 83 00 00 00 00 00 08 00 00 00 77 00 00 00 00 ........
...w....
============================================================================
Up to here the trace is identical, in the non working ethereal case
nothing happens here, with windump it goes further and W2K sends some
information ...
Any ideas?
Ciao,
Gerhard