Ethereal-users: [Ethereal-users] Ethereal for Windows: Why do I see two interfaces?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
From: Adnan Ali <call_ret@xxxxxxxxx>
Date: Tue, 1 Nov 2005 03:38:45 -0800 (PST)
While using Ethereal for Microsoft windows using the
GUI interface, I get two interfaces in Capture > Start
(ctrl-K) dialog though I have only one network
interface on my machine to the Ethernet nework. The
two
interfaces that I see are:

Generic NdisWan adapter:
\Device\NPF_GenericNdisWanAdapter

and 

Intel(R) PRO/100 VE Network Connection:
\Device\NPF_{D57A1099-3C1A-4303-8203-2F3E1CF511E0}

While selecting the later one I see my network
traffic,
I did not see any packets from the first interface. 

However, of late things have got pretty confusing for
me, because when I sniff on the first interface, I am
seeing some packets with Ethernet address
encapsulation. A sample packet printout is appended at

the end of the message.

My questions are:

1- Why do I do two interfaces in the Capture>Start
dialog when I have only one physical interface.

2- What types of packets are these on this other
interface? May be I need to study some more about
IEEE 802.3 with LLC.

Thanks in advance for any help.

A.
;------------------Packet print-out below-----------

No.     Time        Source                Destination 
         Protocol Info
      1 0.000000    34:b9:20:52:41:53    
Locate-Directory-Server LLC      U, func=UI; DSAP LLC
Sub-Layer Management Group, SSAP LLC Sub-Layer
Management Command

Frame 1 (197 bytes on wire, 197 bytes captured)
    Arrival Time: Nov  1, 2005 16:36:55.906250000
    Time delta from previous packet: 0.000000000
seconds
    Time since reference or first frame: 0.000000000
seconds
    Frame Number: 1
    Packet Length: 197 bytes
    Capture Length: 197 bytes
    Protocols in frame: eth:llc:data
IEEE 802.3 Ethernet 
    Destination: 03:00:00:00:00:02
(Locate-Directory-Server)
    Source: 34:b9:20:52:41:53 (34:b9:20:52:41:53)
    Length: 180
    Trailer: 000000
Logical-Link Control
    DSAP: LLC Sub-Layer Management (0x02)
    IG Bit: Group
    SSAP: LLC Sub-Layer Management (0x02)
    CR Bit: Command
    Control field: U, func=UI (0x03)
        000. 00.. = Command: Unnumbered Information
(0x00)
        .... ..11 = Frame type: Unnumbered frame
(0x03)
Data (177 bytes)

0000  52 54 53 53 03 00 00 00 00 00 a8 00 01 00 00 00 
 RTSS............
0010  25 e0 00 00 42 4c 55 45 00 00 00 00 00 00 00 00 
 %...BLUE........
0020  00 00 00 00 41 64 6d 69 6e 69 73 74 72 61 74 6f 
 ....Administrato
0030  72 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
 r...............
0040  00 00 00 00 00 00 00 00 34 b9 20 52 41 53 34 b9 
 ........4. RAS4.
0050  20 52 41 53 42 00 4c 00 55 00 45 00 00 00 00 00 
  RASB.L.U.E.....
0060  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
 ................
0070  00 00 00 00 41 00 64 00 6d 00 69 00 6e 00 69 00 
 ....A.d.m.i.n.i.
0080  73 00 74 00 72 00 61 00 74 00 6f 00 72 00 00 00 
 s.t.r.a.t.o.r...
0090  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
 ................
00a0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
 ................
00b0  00                                              
 .


	
		
__________________________________ 
Yahoo! Mail - PC Magazine Editors' Choice 2005 
http://mail.yahoo.com