Ethereal-users: Re: [Ethereal-users] Portable version of Ethereal?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Gianluca Varenni" <varenni@xxxxxxxxx>
Date: Sun, 13 Feb 2005 12:43:52 +0100

----- Original Message ----- From: "Jesse Millan" <jessem@xxxxxxxxxx>
To: "Ethereal user support" <ethereal-users@xxxxxxxxxxxx>
Sent: Friday, February 11, 2005 11:23 PM
Subject: Re: [Ethereal-users] Portable version of Ethereal?

Thanks for the responses and sorry for the lack of info.

The CD I am creating is part of a 'suspected compromised server toolkit' for Windows 2000/2003 servers. And rebooting is really not an option.

The goal is to do some data collection without tampering with the state of the server too much. That's why I would love a way to run Ethereal from a CD and not have to install software on a machine that may be compromised.

And I really was hoping to find out a way for the winpcap stuff to be loaded from this CD as well.

The problem with WinPcap is that it needs to install a windows kernel driver
to sniff packets (and this requires copying files to the system, and
registering it into the OS). I think that this is one of the main
differences between linux/BSD... and Windows: the former ones have support
for packet capture directly in the kernel (I think most of the time);
Windows does not have it.

Regarding the reboot issue, this is not related to Microsoft. It's a problem
with winpcap itself: the reboot is NOT necessary if you install it for the
first time on a machine (i.e. no previous versions of winpcap). If there are
older versions of winpcap installed, there can be problems, since older
versions of the driver had a bug that prevented it from unloading gracefully
from memory until the machine is rebooted (and therefore not allowing the
installation of a newer version of the driver).

Have a nice day
GV

Thanks guys.

On Feb 11, 2005, at 1:12 PM, Andrew Hood wrote:

Jesse Millan wrote:
Can anyone give me some pointers to building a completely portable version of Ethereal? My goal is to have a CDROM that has all the files i.e. ethereal, winpcap, etc. that is necessary to run Ethereal. We do not have to install any files on the server itself.
Thanks for any info.

Is your objective to be able to run this on most hardware platforms?
Is rebooting the server acceptable?

IIRC winpcap has to be installed, and depending on circumstances (phase of the moon, how much money M$ made last week, ...), needs a reboot.

You would probably find you will need to compile for each *nix platform pointing the target at wherever the CDROM will be mounted to get the shared libs to work. e.g.

./configure --prefix=/cdrom/linux-x86

./configure --prefix=/cdrom/aix-power

--
There's no point in being grown up if you can't be childish sometimes.
                -- Dr. Who

_______________________________________________
Ethereal-users mailing list
Ethereal-users@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-users

---
Jesse Millan
CNS Server Team
Portland State University
Phone: (503) 725-3285
Fax: (503) 725-6487
Mobile: (503) 453-0748
GPG key: www.system-calls.com/gpg.php

It's not a matter of whether the war is not real, or if it is, Victory is not possible. The war is not meant to be won, it is meant to be continuous. Hierarchical society is only possible on the basis of poverty and ignorance. This new version is the past and no different past can ever have existed. In principle the war effort is always planned to keep society on the brink of starvation. The war is waged by the ruling group against its own subjects and its object is not the victory over either Eurasia or East Asia but to keep the very structure of society intact.

-George Orwell from his book 1984
