While using Ethereal for Microsoft windows using the
GUI interface, I get two interfaces in Capture > Start
(ctrl-K) dialog though I have only one network
interface on my machine to the Ethernet nework. The
two
interfaces that I see are:
Generic NdisWan adapter:
\Device\NPF_GenericNdisWanAdapter
and
Intel(R) PRO/100 VE Network Connection:
\Device\NPF_{D57A1099-3C1A-4303-8203-2F3E1CF511E0}
While selecting the later one I see my network
traffic,
I did not see any packets from the first interface.
However, of late things have got pretty confusing for
me, because when I sniff on the first interface, I am
seeing some packets with Ethernet address
encapsulation. A sample packet printout is appended at
the end of the message.
My questions are:
1- Why do I do two interfaces in the Capture>Start
dialog when I have only one physical interface.
2- What types of packets are these on this other
interface? May be I need to study some more about
IEEE 802.3 with LLC.
Thanks in advance for any help.
A.
;------------------Packet print-out below-----------
No. Time Source Destination
Protocol Info
1 0.000000 34:b9:20:52:41:53
Locate-Directory-Server LLC U, func=UI; DSAP LLC
Sub-Layer Management Group, SSAP LLC Sub-Layer
Management Command
Frame 1 (197 bytes on wire, 197 bytes captured)
Arrival Time: Nov 1, 2005 16:36:55.906250000
Time delta from previous packet: 0.000000000
seconds
Time since reference or first frame: 0.000000000
seconds
Frame Number: 1
Packet Length: 197 bytes
Capture Length: 197 bytes
Protocols in frame: eth:llc:data
IEEE 802.3 Ethernet
Destination: 03:00:00:00:00:02
(Locate-Directory-Server)
Source: 34:b9:20:52:41:53 (34:b9:20:52:41:53)
Length: 180
Trailer: 000000
Logical-Link Control
DSAP: LLC Sub-Layer Management (0x02)
IG Bit: Group
SSAP: LLC Sub-Layer Management (0x02)
CR Bit: Command
Control field: U, func=UI (0x03)
000. 00.. = Command: Unnumbered Information
(0x00)
.... ..11 = Frame type: Unnumbered frame
(0x03)
Data (177 bytes)
0000 52 54 53 53 03 00 00 00 00 00 a8 00 01 00 00 00
RTSS............
0010 25 e0 00 00 42 4c 55 45 00 00 00 00 00 00 00 00
%...BLUE........
0020 00 00 00 00 41 64 6d 69 6e 69 73 74 72 61 74 6f
....Administrato
0030 72 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
r...............
0040 00 00 00 00 00 00 00 00 34 b9 20 52 41 53 34 b9
........4. RAS4.
0050 20 52 41 53 42 00 4c 00 55 00 45 00 00 00 00 00
RASB.L.U.E.....
0060 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
0070 00 00 00 00 41 00 64 00 6d 00 69 00 6e 00 69 00
....A.d.m.i.n.i.
0080 73 00 74 00 72 00 61 00 74 00 6f 00 72 00 00 00
s.t.r.a.t.o.r...
0090 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
00a0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
00b0 00
.
__________________________________
Yahoo! Mail - PC Magazine Editors' Choice 2005
http://mail.yahoo.com