Vasily Borovyak wrote:
I'm using Ethereal 0.10.3 and WinPCap 3.0. WinXP-SP2
Filter was "port 25".
And I've captured both incoming and outgoing packets.
So, the problem I think is in the Ethereal sources.
Unlikely, given that Ethereal doesn't do anything particularly unusual
with libpcap/WinPcap that would affect this.
There might, however, be a difference in the network adapters you're
using. On UN*Xes, networking adapter drivers appear to be written by
people a bit more clueful about the needs of traffic capturing programs
than the people writing adapter drivers for Windows, unfortunately;
802.11 driver writers are particularly unhelpful (they appear to have a
tendency to supply packets *transmitted* by the host in
NDIS_PACKET_TYPE_ALL_LOCAL mode but not in NDIS_PACKET_TYPE_PROMISCUOUS
mode).
He should try capturing with WinPcap, and see if it behaves the same as
Ethereal. If it does, then it's either a WinPcap issue or (and I
suspect this might be more likely) a driver issue. If it doesn't, it's
probably an Ethereal issue. (With just about *any* problem capturing
traffic on WinPcap with any application other than WinDump, the first
step should be to try it with WinDump, to see whether the application is
likely to be to blame or not.)
==================================================================
This is the WinPcap users list. It is archived at
http://www.mail-archive.com/winpcap-users@winpcap.polito.it/
To unsubscribe use
mailto: [EMAIL PROTECTED]
==================================================================