> -----Original Message----- > From: stefmit [mailto:[EMAIL PROTECTED] > Sent: martedì 9 settembre 2003 13.45 > To: [EMAIL PROTECTED] > Subject: Re: [WinPcap-users] Syntax for adaptername using windump > (ethereal?!?) and rpcap > > > Fulvio - thank you so much for your answer. I understand now that > ethereal is > hopeless (what a pity!!!).
I agree. Unfortunately, Ethereal folks are not very interested in that. They want to add RPCAP support in the future, but it is not in their highest priority queue. > As I stated in the original message, then repeated it in my last > one: are you > saying that windump SHOULD WORK with this syntax? I have > initially tried all > options suggested in: > > http://winpcap.polito.it/docs/man/html/group__remote__help.html > > but none have worked. I have specifically tried the one suggested by Lee, > simply because it was the one showing up in the analyzer, when > doing a remote > trace, thus one having proven workable. When using windump with > this specific > option - for example - this is what I get: > > D:\analyzer>windump -i > rpcap://[172.16.4.21]/\Device\NPF_{9E34346C-ECB7-4E3E-A3B4-D06437F5C74C} > > windump: listening on > rpcap://[172.16.4.21]/\Device\NPF_{9E34346C-ECB7-4E3E-A3B4-D0643 > > windump: Error opening adapter: The system cannot find the path > specified. I have the WinDump working on my machine: ============================================================================ ============================== C:\cvsroot\analyzer\bin>windump -i rpcap://127.0.0.1/\Device\NPF_{C8736017-F3C3-4373-94AC-9A34B7DAD998} windump: listening on rpcap://127.0.0.1/\Device\NPF_{C8736017-F3C3-4373-94AC-9A34B7DAD998} 14:55:07.458092 arp who-has 192.168.1.1 tell truciolo .... ============================================================================ ============================== Which version are you using? Are you using the latest alpha? > while analyzer works just fine with the same syntax ?!? > > (lines above may be wrapped due to email client setup!) > > PLEASE - one more question (which may actually eliminate the need for an > answer to the above), now that I got your attention: the only reason for > fighting this windump/ethereal with rpcap battle was that the > analyzer does > not seem to read the additional filtering I put in > .\conf\data\filter_list.DAT. I have added, for example, a line like: > > myserver traffic,port 8088 > > but the GUI on the analyzer does not offer this last option among > the ones > listed in the "Available filters" ... do I have to "compile" somehow that > .DAT file into something readable by the analyzer?!? Or what else > could cause this behavior? It should work. You do not have to compile anything. Did you insert some line feed at the end (sometimes it helps...). What about using the newest Analyzer 3.0? You may be impressed by it... Cheers, fulvio > > Thx again, > Stef > > On Tuesday 09 September 2003 03:13 am, Fulvio Risso wrote: > > Hi. > > > > > -----Original Message----- > > > From: stefmit [mailto:[EMAIL PROTECTED] > > > Sent: lunedì 8 settembre 2003 13.13 > > > To: [EMAIL PROTECTED] > > > Subject: Re: [WinPcap-users] Syntax for adaptername using windump > > > (ethereal?!?) and rpcap > > > > > > > > > This is exactly one of the options I have been trying. Please read the > > > original message again. > > > > > > Are you saying that it works for you, as parameter of windump or > > > ethereal (it > > > almost implies you are saying "yes" to the latter)? > > > > Unfortunately, it is "not". > > Ethereal as some very complex (and convoluted) way to start a > capture, and > > this code is not compatible with remote capture. > > > > Concerning the sybtax, the one suggested by Lee Kyung Moon is correct. > > If you have any suggestion about improving the help page, let me know. > > > > Cheers, > > > > fulvio > > > > > I am hoping > > > you are not > > > confusing this with the analyzer, whose syntax for rpcap is > > > trully like the > > > one you mentioned ([] included), but which - to me - was of > no help for > > > either ethereal or windump. I'll go bcak and check again the > versions of > > > these two programs, though I thought I had the latest ... > > > > > > Thx, > > > Stef > > > > > > On Monday 08 September 2003 02:51 am, lee kyung moon wrote: > > > > First you have to know remote machine's adaptername. > > > > and you set adpatername as follow(example) > > > > > rpca://[192.168.10.2]/\Device\NPF_{DA1276CF-7FE4=4C0F-8EE1-0EC96DFC6E96 > > > >} while \Device.. is remote machine's adpatername. > > > > > > > > > > > > From: Tomas Kukosa <[EMAIL PROTECTED]> > > > > > > > > >Reply-To: [EMAIL PROTECTED] > > > > >To: [EMAIL PROTECTED], stefmit <[EMAIL PROTECTED]> > > > > >Subject: Re: [WinPcap-users] Syntax for adaptername using windump > > > > > > > > (ethereal?!?) and rpcap > > > > > > > > >Date: Mon, 08 Sep 2003 07:12:35 +0200 > > > > > > > > > >stefmit wrote: > > > > > > - does anybody know if rpcap can be used in conjunction > > > > > > with ethereal > > > > > > > (0.14) - > > > > > > > > > > and if yes: what is the syntax for remote adapter > (rpcap://?????). > > > > > > > > > >As I know it is not possible now but I am working on it. > > > > > > > > > > Regards, > > > > > Tom > > > > > > > > > > > > > > >================================================================== > > > > > This is the WinPcap users list. It is archived at > > > > > http://www.mail-archive.com/[EMAIL PROTECTED]/ > > > > > > > > > > To unsubscribe use > > > > > mailto: [EMAIL PROTECTED] > > > > >================================================================== > > > > > > > > _________________________________________________________________ > > > > ??? ??? ??? ??? ??... ?? MSN ?????? ?????! > > > > http://groups.msn.com/?pgmarket=ko-kr > > > > > > > > > > > > > > > > ================================================================== > > > > This is the WinPcap users list. It is archived at > > > > http://www.mail-archive.com/[EMAIL PROTECTED]/ > > > > > > > > To unsubscribe use > > > > mailto: [EMAIL PROTECTED] > > > > ================================================================== > > > > > > ====================== > > > This is the WinPcap users list. It is archived at > > > http://www.mail-archive.com/[EMAIL PROTECTED]/ > > > > > > To unsubscribe use > > > mailto: [EMAIL PROTECTED] > > > ====================== > > > > ================================================================== > > This is the WinPcap users list. It is archived at > > http://www.mail-archive.com/[EMAIL PROTECTED]/ > > > > To unsubscribe use > > mailto: [EMAIL PROTECTED] > > ================================================================== > > > > ====================== > This is the WinPcap users list. It is archived at > http://www.mail-archive.com/[EMAIL PROTECTED]/ > > To unsubscribe use > mailto: [EMAIL PROTECTED] > ====================== ================================================================= This is the WinPcap users list. It is archived at http://www.mail-archive.com/[EMAIL PROTECTED]/ To unsubscribe use mailto: [EMAIL PROTECTED] =================================================================
