Fulvio - thank you so much for your answer. I understand now that ethereal is hopeless (what a pity!!!).
As I stated in the original message, then repeated it in my last one: are you saying that windump SHOULD WORK with this syntax? I have initially tried all options suggested in: http://winpcap.polito.it/docs/man/html/group__remote__help.html but none have worked. I have specifically tried the one suggested by Lee, simply because it was the one showing up in the analyzer, when doing a remote trace, thus one having proven workable. When using windump with this specific option - for example - this is what I get: D:\analyzer>windump -i rpcap://[172.16.4.21]/\Device\NPF_{9E34346C-ECB7-4E3E-A3B4-D06437F5C74C} windump: listening on rpcap://[172.16.4.21]/\Device\NPF_{9E34346C-ECB7-4E3E-A3B4-D0643 windump: Error opening adapter: The system cannot find the path specified. while analyzer works just fine with the same syntax ?!? (lines above may be wrapped due to email client setup!) PLEASE - one more question (which may actually eliminate the need for an answer to the above), now that I got your attention: the only reason for fighting this windump/ethereal with rpcap battle was that the analyzer does not seem to read the additional filtering I put in .\conf\data\filter_list.DAT. I have added, for example, a line like: myserver traffic,port 8088 but the GUI on the analyzer does not offer this last option among the ones listed in the "Available filters" ... do I have to "compile" somehow that .DAT file into something readable by the analyzer?!? Or what else could cause this behavior? Thx again, Stef On Tuesday 09 September 2003 03:13 am, Fulvio Risso wrote: > Hi. > > > -----Original Message----- > > From: stefmit [mailto:[EMAIL PROTECTED] > > Sent: lunedì 8 settembre 2003 13.13 > > To: [EMAIL PROTECTED] > > Subject: Re: [WinPcap-users] Syntax for adaptername using windump > > (ethereal?!?) and rpcap > > > > > > This is exactly one of the options I have been trying. Please read the > > original message again. > > > > Are you saying that it works for you, as parameter of windump or > > ethereal (it > > almost implies you are saying "yes" to the latter)? > > Unfortunately, it is "not". > Ethereal as some very complex (and convoluted) way to start a capture, and > this code is not compatible with remote capture. > > Concerning the sybtax, the one suggested by Lee Kyung Moon is correct. > If you have any suggestion about improving the help page, let me know. > > Cheers, > > fulvio > > > I am hoping > > you are not > > confusing this with the analyzer, whose syntax for rpcap is > > trully like the > > one you mentioned ([] included), but which - to me - was of no help for > > either ethereal or windump. I'll go bcak and check again the versions of > > these two programs, though I thought I had the latest ... > > > > Thx, > > Stef > > > > On Monday 08 September 2003 02:51 am, lee kyung moon wrote: > > > First you have to know remote machine's adaptername. > > > and you set adpatername as follow(example) > > > rpca://[192.168.10.2]/\Device\NPF_{DA1276CF-7FE4=4C0F-8EE1-0EC96DFC6E96 > > >} while \Device.. is remote machine's adpatername. > > > > > > > > > From: Tomas Kukosa <[EMAIL PROTECTED]> > > > > > > >Reply-To: [EMAIL PROTECTED] > > > >To: [EMAIL PROTECTED], stefmit <[EMAIL PROTECTED]> > > > >Subject: Re: [WinPcap-users] Syntax for adaptername using windump > > > > > > (ethereal?!?) and rpcap > > > > > > >Date: Mon, 08 Sep 2003 07:12:35 +0200 > > > > > > > >stefmit wrote: > > > > > - does anybody know if rpcap can be used in conjunction > > > > with ethereal > > > > > (0.14) - > > > > > > > > and if yes: what is the syntax for remote adapter (rpcap://?????). > > > > > > > >As I know it is not possible now but I am working on it. > > > > > > > > Regards, > > > > Tom > > > > > > > > > > > >================================================================== > > > > This is the WinPcap users list. It is archived at > > > > http://www.mail-archive.com/[EMAIL PROTECTED]/ > > > > > > > > To unsubscribe use > > > > mailto: [EMAIL PROTECTED] > > > >================================================================== > > > > > > _________________________________________________________________ > > > ??? ??? ??? ??? ??... ?? MSN ?????? ?????! > > > http://groups.msn.com/?pgmarket=ko-kr > > > > > > > > > > > > ================================================================== > > > This is the WinPcap users list. It is archived at > > > http://www.mail-archive.com/[EMAIL PROTECTED]/ > > > > > > To unsubscribe use > > > mailto: [EMAIL PROTECTED] > > > ================================================================== > > > > ====================== > > This is the WinPcap users list. It is archived at > > http://www.mail-archive.com/[EMAIL PROTECTED]/ > > > > To unsubscribe use > > mailto: [EMAIL PROTECTED] > > ====================== > > ================================================================== > This is the WinPcap users list. It is archived at > http://www.mail-archive.com/[EMAIL PROTECTED]/ > > To unsubscribe use > mailto: [EMAIL PROTECTED] > ================================================================== ================================================================= This is the WinPcap users list. It is archived at http://www.mail-archive.com/[EMAIL PROTECTED]/ To unsubscribe use mailto: [EMAIL PROTECTED] =================================================================
