Mailing List Archive

Re: (no subject) [ In reply to ]
On Tue, 2004-11-16 at 12:14 -0500, layfieldr@bellsouth.net wrote:
> I have recently downloaded and executed WinPcap_3_0.exe but I cannot
> find anything to launch. I am trying to run Ethereal network
> analyzer. Did you guys change the name to winpcap? Last time I did
> this (over a year ago) it was very simple and straight forward. I
> cannot find anything to launch on my start/programs or running
> ethereal from command line....
>
> What am I doing wrong?

You haven't installed ethereal. You did the right thing -- Winpcap is
needed to run ethereal. Now you just need to download and install
ethereal itself.

http://ethereal.com/download.html

Breen

--
Breen Mullins 408-435-8401x123
SQA Engineer 0xde05499b
Asante Technologies, Inc.
Re: (no subject) [ In reply to ]
Cresswell Nick-CRSN001 wrote:
> As far as I understand winpcap is invoked when you run the 'capture' command
> from within ethereal.

WinPcap is a library, so it's not invoked in the sense of being run as a
program. It's used by Ethereal...

> I don't know if there's another way to capture packets without using ethereal.

...and by other programs, such as WinDump:

http://windump.polito.it/

and Analyzer:

http://analyzer.polito.it/

and a variety of other programs, some ported from UN*X (WinPcap is a
port of libpcap - the library used by many UN*X programs that capture
packets, including Ethereal - including a driver that's needed to
capture packets) and some written for Windows.
Re: (no subject) [ In reply to ]
Muhammad Samy wrote:

> Does anyone know why the interface doesn't appear in the ethereal interfaces
> for a GPRS connection using TEMS investigation S/W?

If TEMS Investigation works by connecting a handset to a serial or USB
or other port on a PC, and having the handset supply information such as
captured GPRS traffic to an application such as TEMS Investigation on
the host, it's because neither libpcap nor WinPcap know anything about
that. Ericsson would have to contribute libpcap and/or WinPcap code,
and possibly driver code, to support that.
Re: (no subject) [ In reply to ]
Daniel,

Your question is a bit too generic. Do you know which virus it is and
want to analyse it? Or do you just want to protect your network
against a large number of the viruses?

It sounds to me that you are after the latter option. In which case you
actually want something slightly (very?) different from Ethereal. You
want an Intrusion Detection System.
You can find a popular one at http://www.snort.org/. There are others as well.

If you meant something different, perhaps you can explain it in
greater detail. You could give a situation that you are trying to
solve, how did you expect Ethereal to help you with it and which exact
step/procedure you are having problems with.

Hope it helps,
Alex.

On Apr 12, 2005 7:12 AM, Daniel Smith <Daniel.Smith@yestelco.com> wrote:
>
> Dear Sir/Madam
>
> I am using the latest version of ethereal. I am trying to use it to find
> out where a virus is coming from can you tell me of any types of packets
> that viruses come in.
>
Re: (no subject) [ In reply to ]
Are the preferences set the same way on both machines? Specifically
the ones related to packet reassembly and maybe heuristics?

Just a thought,
Alex.

On 4/26/05, w.sell@comcast.net <w.sell@comcast.net> wrote:
> I captured packets on one machine to analyze on another. The first machine indicates the protocols correctly. The second machine indicates that the protocol is unknown (in this case I am looking for TCP and MODBUS). Any idea what is missing from the 2nd box to not recognize the protocols? I download WinPCap and 0.10.10 loads...
>
Re: (no subject) [ In reply to ]
Thanks Alex,
I checked the 'enabled protocols' with just the ones I needed. This does not work. I selected all protocols and now the packet data is present. Go figure...

/Bill


> Are the preferences set the same way on both machines? Specifically
> the ones related to packet reassembly and maybe heuristics?
>
> Just a thought,
> Alex.
>
> On 4/26/05, w.sell@comcast.net <w.sell@comcast.net> wrote:
> > I captured packets on one machine to analyze on another. The first machine
> > indicates the protocols correctly. The second machine indicates that the
> > protocol is unknown (in this case I am looking for TCP and MODBUS). Any idea
> > what is missing from the 2nd box to not recognize the protocols? I download
> > WinPCap and 0.10.10 loads...
> >
>
> _______________________________________________
> Ethereal-users mailing list
> Ethereal-users@ethereal.com
> http://www.ethereal.com/mailman/listinfo/ethereal-users
Re: (no subject) [ In reply to ]
Filter on IP dest&&src combo?


Hansang Bae wrote:

>On 10:22 PM 5/7/2005, Dennis Singh wrote:
>
>
>>Hi,
>>
>>I am doing multiple captures of http traffic and I
>>have numerous workstations sending and receiving.
>>
>>Is there an easy way to separately list all
>>conversations and the duration of it.
>>
>>So basically i am looking for a tool to decode packets
>>by the start of the conversation to the end of it.
>>
>>Any help is appreciated.
>>
>>
Re: (no subject) [ In reply to ]
tom gallacher wrote:

> Is there any way to send packs from ethereal using a windows based
> machine?
>
No.

Ethereal won't send any packets regardless of the operating system.

I don't know such a tool myself, you might find one at:
http://wiki.ethereal.com/Tools

Regards, ULFL
Re: (no subject) [ In reply to ]
tom gallacher wrote:
> Is there any way to send packs from ethereal using a windows based machine?

No. Ethereal doesn't have a "transmit packet" function.
Re: (no subject) [ In reply to ]
ToSsA H. wrote:
> hi.. where can i find the source code for ethereal for windows(XP)?

From the "Source code" links on

http://www.ethereal.com/download.html

Note that this is a gzipped tar file, *NOT* a zip file, so you'd need
the appropriate program to unpack it. If you're going to build Ethereal
on Windows, you'll probably want to install Cygwin anyway, and Cygwin
should come with gzcat and tar.

Re: (no subject) [ In reply to ]
Ethereal user support <ethereal-users@ethereal.com> wrote on 28.10.05 15:10:21:
> I have a weird situation. I'm writing an NDIS-WDM driver and when I try to use ethereal with it, the packets all show up in the capture, but the application I'm using to originate and send my packets can't receive packets destined to it. It can send fine, but the receive packets only show up in ethereal, and not in my app. I've tried winpcap 3.0, and 3.1b4, and ethereal 0.10.12. Any ideas? When I close the capturing mode of ethereal, things work fine again with my app. Thanks for your help, Jess Howe
>

I don't know and I don't think it's an Ethereal related problem.

You may ask the WinPcap developers about this, they might be able to help ...

Regards, ULFL
Re: (no subject) [ In reply to ]
Tom Aubrey wrote:
> Do you have a protocol dissector for ATM AAL5?

Yes, but Ethereal has to know that a packet is an AAL5 packet in order
to call it.

> I used Pcap on a Nortel router to do the capture,

I.e., the Nortel router *itself* has a processor that can run
libpcap-based applications? If so, what was the DLT_ value for the packets?

If it was your own program that did the capture, it should've used
DLT_SUNATM, with each packet's raw data ("raw data" in the sense of the
data beginning with 0xaa 0xaa 0x03) preceded by a "struct sunatm_hdr"
structure (see wiretap/libpcap.c), containing:

flags = 0x02 (LLC multiplexed traffic)
vpi = the VPI for the connection;
vci = the VCI for the connection.

That would then be readable by Ethereal.

If it was captured by tcpdump supplied by Nortel as part of the router
software, try compiling the attached program and running on the capture,
and then having Ethereal read it; that should convert it to something
Ethereal can read.

> and then converted it to a .atc file.
> The packet contents start with the LLC snap header “aaaa03…”
> but I can’t get Ethereal to decode the packets.

How did you convert it?

If it's .atc file - i.e., a DOS Sniffer file:

the network type should be 10 (for ATM);

each packet should begin with a FRAME4 record (record type 8);

the record header should include a "struct frame4_rec" record header
(see wiretap/ngsniffer.c), and the ATMSaveInfo structure in that header
should have an AppTrafType value of 0x13 (for ATT_HL_LLCMX|ATT_AAL5,
indicating that the packets are AAL5 packets containing LLC-multiplexed
packets).

But if you can convert it with the attached program, so much the better.
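
The DLT_SUNATM layout described in the message above, as an added example (it is not the attached program the post refers to, which is not on this page): it builds a pcap file header and one record in which the 4-byte SunATM header precedes the AAL5 payload. The function names, the link-type value 123, the field widths (1-byte flags and VPI, 2-byte big-endian VCI) and the sample payload are supplied here and are not stated in the post.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define LINKTYPE_SUNATM 123u  /* pcap link type corresponding to DLT_SUNATM */
#define SUNATM_LLC 0x02u      /* flags value from the message: LLC multiplexed */
#define SUNATM_HDR_LEN 4u     /* flags (1) + vpi (1) + vci (2, big-endian) */

static void put_le32(uint8_t *p, uint32_t v) {
    for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i));
}

/* 24-byte pcap file header (little-endian). Returns bytes written. */
size_t pcap_file_header(uint8_t out[24], uint32_t snaplen) {
    memset(out, 0, 24);
    put_le32(out, 0xa1b2c3d4u);          /* magic */
    out[4] = 2; out[6] = 4;              /* format version 2.4 */
    put_le32(out + 16, snaplen);
    put_le32(out + 20, LINKTYPE_SUNATM);
    return 24;
}

/* One record: 16-byte pcap record header, SunATM header, AAL5 payload.
 * Returns bytes written; 0 if the payload lacks the aa aa 03 LLC header or out is too small. */
size_t sunatm_record(uint8_t *out, size_t cap, uint32_t sec, uint32_t usec,
                     uint8_t vpi, uint16_t vci, const uint8_t *pdu, size_t len) {
    if (len < 3 || len > 65535 || memcmp(pdu, "\xaa\xaa\x03", 3) != 0 || cap < 20 + len)
        return 0;
    put_le32(out, sec); put_le32(out + 4, usec);
    put_le32(out + 8, (uint32_t)(SUNATM_HDR_LEN + len));   /* captured length */
    put_le32(out + 12, (uint32_t)(SUNATM_HDR_LEN + len));  /* original length */
    out[16] = SUNATM_LLC;          out[17] = vpi;
    out[18] = (uint8_t)(vci >> 8); out[19] = (uint8_t)(vci & 0xff);
    memcpy(out + 20, pdu, len);
    return 20 + len;
}

int main(void) {
    /* Constructed sample: LLC/SNAP header announcing IPv4, no payload. */
    const uint8_t pdu[] = {0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00, 0x08, 0x00};
    uint8_t hdr[24], rec[64];
    size_t n = sunatm_record(rec, sizeof rec, 0, 0, 0, 32, pdu, sizeof pdu);
    fwrite(hdr, 1, pcap_file_header(hdr, 65535), stdout);
    fwrite(rec, 1, n, stdout);
    return n ? 0 : 1;
}
```

Redirect the program's output to a file to get a capture that carries one record on VPI 0, VCI 32.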
RE: (no subject) [ In reply to ]
Hi,
You can find some traces on the wiki:
http://wiki.ethereal.com/SampleCaptures#head-6c6fb4051dfbe9b992057ea1533eb8dc85c9a13a

Brg
Anders

-----Original Message-----
From: ethereal-users-bounces@ethereal.com
[mailto:ethereal-users-bounces@ethereal.com] On Behalf Of Nt10
Sent: 8 May 2006 15:14
To: ethereal-users@ethereal.com
Subject: [Ethereal-users] (no subject)

Please!!! Please!!!
Can you send traces BICC, SIP-T, sigtran for Ethereal?
Re: (no subject) [ In reply to ]
-------------------
The Ethereal project is being continued at a new site. Please go to
http://www.wireshark.org and subscribe to wireshark-users@wireshark.org.
Don't forget to unsubscribe from this list at
http://www.ethereal.com/mailman/listinfo/ethereal-users
-------------------

EDWARD HILL wrote:

> I am using compuware application vantage to read my captures. Vantage
> needs to see the files as a .enc or cap file. When I set up ethereal to
> write to file, I need to save it as an enc or cap. It does not give me
> the option to save type.

Is this a capture that you did with Ethereal?

What type of network device did you capture on? (Ethernet, 802.11, etc.)