Adnan Ali wrote:
While using Ethereal for Microsoft windows using the
GUI interface, I get two interfaces in Capture > Start
(ctrl-K) dialog though I have only one network
interface on my machine to the Ethernet nework. The
two
interfaces that I see are:
Generic NdisWan adapter:
\Device\NPF_GenericNdisWanAdapter
This interface is a dialup adapter (very certainly your modem). This
interface will show up (as a kind of "placeholder"), even if you
currently don't have an internet connection through this.
Wan is an abbreviation for "Wide Area Network", see
http://wiki.ethereal.com/CaptureSetup/PPP for PPP/Wan and
http://wiki.ethereal.com/CaptureSetup for general capture setup info.
BTW: You may update to Ethereal 0.10.13 which updates WinPcap too. After
this update this interface shows itself as "Generic dialup adapter"
which makes it a bit more clear what it is...
and
Intel(R) PRO/100 VE Network Connection:
\Device\NPF_{D57A1099-3C1A-4303-8203-2F3E1CF511E0}
This is your actual Ethernet "network card".
While selecting the later one I see my network
traffic,
I did not see any packets from the first interface.
Obviously, you must first have a dialup connection (to the internet)
before getting packets from this interface.
However, of late things have got pretty confusing for
me, because when I sniff on the first interface, I am
seeing some packets with Ethernet address
encapsulation. A sample packet printout is appended at
the end of the message.
My questions are:
1- Why do I do two interfaces in the Capture>Start
dialog when I have only one physical interface.
See above.
2- What types of packets are these on this other
interface? May be I need to study some more about
IEEE 802.3 with LLC.
This depends on the interface type, usually you'll see "faked" Ethernet
packets.
Regards, ULFL