Vasily Borovyak wrote:
I'm using Ethereal 0.10.3 and WinPCap 3.0. WinXP-SP2 Filter was "port 25". And I've captured both incoming and outgoing packets. So, the problem I think is in the Ethereal sources.
Unlikely, given that Ethereal doesn't do anything particularly unusual with libpcap/WinPcap that would affect this.
There might, however, be a difference in the network adapters you're using. On UN*Xes, networking adapter drivers appear to be written by people a bit more clueful about the needs of traffic capturing programs than the people writing adapter drivers for Windows, unfortunately; 802.11 driver writers are particularly unhelpful (they appear to have a tendency to supply packets *transmitted* by the host in NDIS_PACKET_TYPE_ALL_LOCAL mode but not in NDIS_PACKET_TYPE_PROMISCUOUS mode).
He should try capturing with WinPcap, and see if it behaves the same as Ethereal. If it does, then it's either a WinPcap issue or (and I suspect this might be more likely) a driver issue. If it doesn't, it's probably an Ethereal issue. (With just about *any* problem capturing traffic on WinPcap with any application other than WinDump, the first step should be to try it with WinDump, to see whether the application is likely to be to blame or not.)
================================================================== This is the WinPcap users list. It is archived at http://www.mail-archive.com/winpcap-users@winpcap.polito.it/
To unsubscribe use mailto: [EMAIL PROTECTED]
==================================================================
