Sorry if this has been answered before, but I looked in the archives and
googled all over, and could not find a specific example:
Initially I was trying to use ethereal with rpcap, but could not find anything
for that. Someone pointed me to this list, instead, stating (which makes
sense) that if the syntax is properly identified for windump, ethereal would
understand/use it the same way.
And here is what I am talking about:
- remote machine showing up adapter as:
windump -D ==> \Device\NPF_{whatever}
- tested windump -i \Device\NPF_{whatever} on the remote machine, locally to
it, to make sure the adapter name is right
- moved to the monitoring machine, and tried:
windump -i rpcap://[IP address]/\Device\NPF_{whatever}
windump -i rpcap://[IP address]/\\Device\NPF_{whatever}
  (thinking that I need to escape the "\" ?!?)
windump -i rpcap://IP address/\Device\NPF_{whatever}
  (eliminated the [], which I found existing in the analyzer syntax)
windump -i rpcap://IP address/\\Device\NPF_{whatever}
  (same with "\")
windump -i rpcap://IP address\Device\NPF_{whatever}
  (taking out the "/")
... and so on - many more variations of the above (all taken from the generic
syntax indicated in the
http://winpcap.polito.it/docs/man/html/group__remote__help.html). Have even
tried adapter number (as it seems to be working locally!), to no avail.
Both machines (monitoring and remote) have the latest winpcap and windump.
Questions:
- does anybody know the syntax (example) to be used with windump (please do
NOT send me to the "Using Winpcap Remote Capture" - this is where the problem
is: adaptername is what I do not know what needs to be!)
- does anybody know if rpcap can be used in conjunction with ethereal (0.14) -
and if yes: what is the syntax for remote adapter (rpcap://?????).
TIA,
Stef
==================================================================
This is the WinPcap users list. It is archived at
http://www.mail-archive.com/[EMAIL PROTECTED]/
To unsubscribe use
mailto: [EMAIL PROTECTED]
==================================================================