Feeny, Michael (TD&DS, Applications Infrastructure Svcs.) wrote:
Hi,
I'm a heavy user (and big fan) of Ethereal, and I saw something today
that I hadn't seen before. I'm curious if folks have seen this, and
have any "wisdom" to impart...
I ran Ethereal (0.10.13) on a machine ("the capture box"), to capture
traffic between it and another machine. When I inspected the resultant
trace file, I saw something that got my attention, so I dug deeper.
When I did, I saw that there were packets missing on the sender
(capture box) side. In other words, the missing packets were not
packets expected to arrive from across the network, but were packets
that the capture box was to send! That was something I had never seen
before. How could packets get lost before you even send them?
So I looked at the NIC on the capture box, and I saw that it was a:
"VMware virtual ethernet interface".
I don't know a lot about VMware, but I think I understand the concept
- it emulates one machine/OS while running on another. I talked with a
colleague who knows much more about it, and he informed me that VMware
uses a "virtual" NIC that sits between the virtual machine and the
"real" NIC.
Bottom line: I'm assuming at this point that the strange behavior I'm
seeing is due to this VMware virtual NIC and/or how Ethereal interacts
with it.
Can anyone confirm this, and/or provide suggestions or pointers for
working around it?
Hi Michael!
I don't work with VMware myself, so no advice from me.
Info: Ethereal doesn't interact directly with the NICs, the WinPcap
library is used for this.
You may ask the WinPcap team about this http://www.winpcap.org/, as they
might have a lot more knowledge on this (and of course you should read
their FAQ first to see if they've solved/mentioned your problem before).
Regards, ULFL