Ethereal-users: Re: [Ethereal-users] TCP Filter problem

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Ron Apuzzo <admin@xxxxxxx>
Date: Fri, 27 May 2005 10:38:48 -0500 (CDT)

I will look more into WinPcap thanks! I upgraded WinPcap to 3.1 beta 4 and I got same result. However when I disconnected from VPN and captured on the main ethernet interface on the same host using the same capture filter, I am able to see TCP traffic both way.

Something must be wrong with WinPcap when used with Cisco VPN 3000 adaptor with a capture filter is turned on e.g. tcp port xx or host a.b.c.d (no incoming traffic seen at all). The ethereal host is running on Windows XP SP2.

Thanks for your help,
-Ron

On Fri, 27 May 2005, Ulf Lamping wrote:

Ron Apuzzo wrote:


I downloaded the latest ethereal version 0.10.11 today. I can see all
TCP and other traffic fine. Then I tried to put in a very simple
filter "tcp port 23" and tried to telnet from host A(ethereal host) to
host B. The result is only traffic from host A->B(23) was captured but
not from B(23)->A. Promiscuous mode was turned off.

When I tried other TCP ports, same result! it never captured incoming
traffic to the host running ethereal. Again with no filter I would see
traffic from both directions which makes me believe that this is the
problem of ethereal filtering. This is 100% reproducable.

Any hints or suggestions that I could try? I just want to capture
traffic from A:xxxx <-> B:fixed_port but I want to capture both ways.

As you didn't mention -- the "tcp port 23" looks like a capture filter.

The capture filters are transferred directly to the underlying
libpcap/WinPcap, Ethereal is (and can) nothing do against it.

You may use a different libpcap/WinPcap and/or network card which
behaves differently than before.

Regards, ULFL

_______________________________________________
Ethereal-users mailing list
Ethereal-users@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-users