Ulf Lamping wrote:
> You just need the Windows interface name, in your case:
> \Device\NPF_{C46A8FBD-5D89-453A-8A37-EE35CF2AA7CE}
> should work.

Note also that both Tethereal and WinDump will, when run with the "-D"
flag, list the available interfaces along with numbers; you can use the
number in place of the long ugly Windows interface name. (That also
works in newer versions of Tethereal and tcpdump on at least some
versions of UN*X, but UN*X interface names aren't long ugly names with
GUIDs in them, so that feature isn't as useful.)

> Please note that Ethereal/Tethereal is not the best way to do such
> things (e.g. it keeps conversation related information which will grow
> memory consumption).

Tethereal, if you're capturing to a file with "-w", and not requesting
that dissection also be done (i.e., if you *didn't* specify "-S"),
shouldn't do any dissection, so it shouldn't keep conversation-related
information, so it shouldn't leak memory.

> You might try windump (which uses the same file
> format) for that purpose instead.

To save the capture in a form Ethereal or Tethereal can read, use "-w".

Note also that WinDump, like tcpdump, defaults to a snapshot length of
68 bytes (if not built with IPv6 support) or 96 bytes (if built with
IPv6 support), so you'll only get the first 68 or 96 bytes of packet
data, by default. You'd need to specify "-s 0" (or, on older versions
of WinDump/tcpdump, "-s 65535") to get the entire packet.