Ethereal-dev: [ethereal-dev] Re: Problems in the "Ethereal"

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxxxxx>
Date: Fri, 24 Dec 1999 00:29:51 -0800
> Here's the problem:
> 
> I d/l'ed an RPM, (don't remember which release) and installed it and
> tested it out, and it worked great!
> 
> Then I did the same on my laptop, and it worked great!
> 
> Then I went back to my desktop and it didn't work so great.

What precisely was it doing other than working correctly?

> I fooled
> with it for a time, then decided to just reinstall it.  This time it
> wouldn't take an RPM,

What were the problems (exact error messages, etc.) you saw when you
tried to reinstall it?

> so I got a tar-ball.  Still couldn't get it to install.

What were the problems (exact error message, etc.) that you saw when you
tried to reinstall it?

> Tried to delete all the old files that I could find and do a clean
> install.  Still no luck.
> 
> Back to the laptop, it's still working just fine.
> 
> Any ideas, or clues?

As I don't know what the symptoms were, no, no ideas yet - we'd need a
lot more information to even guess what the problem might be.

> Also, interestingly enough, when I checked the packets between my laptop
> and desktop, PortSentry, picked up the sniff, and locked me out in
> /etc/hosts/deny.
> 
> And all the time I thought Ethereal was passive......Oh well!

Define "passive".  Ethereal isn't a port-sniffer, in the sense of
something that tries to connect to lots of TCP ports or send packets to
lots of UDP ports; it uses a network device, which it puts into
promiscuous mode (to see all traffic on the network) if the device
supports that, to listen to traffic.

It isn't "passive" in the sense of doing *no* network operations of its
own - it may try to resolve host names, at least when it's reading a
capture file (which happens while it's capturing with "Update list of
packets in real time" enabled), so it may make DNS or NIS or...
requests, and, if you're running it on a machine other than the one your
display is on, it'll also send X traffic over the wire to the X server.

Did PortSentry log any messages when it locked out the host on which you
were running Ethereal?  What was the entry it put in the "hosts/deny"
file?  Are you *certain* that it was Ethereal, and not some other
program, that it considered to be a port-sniffer?

> I would really like to get Ethereal re-installed on my desktop if you
> have any suggestions.
> 
> It's an AMD K6-2 350 128mb RAM, SuSE6.3 OS
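Added example, not part of the thread above: a small Python model of the point Guy makes about "passive" capture. A sniffer with host-name resolution enabled sends one reverse-DNS (PTR) query per address it has not yet seen, while a port monitor like PortSentry reacts to connection attempts on ports a host does not listen on; the two kinds of traffic are distinct, which is why "was it really Ethereal?" is the right question. The packet records, the monitored host and the port list are constructed for the example; it also handles IPv6 (ip6.arpa), which the thread does not mention.

```python
"""Model the on-wire footprint of a name-resolving capture tool versus
the events a port-monitoring daemon reacts to (added example)."""
import ipaddress

# Constructed sample capture: (src, dst, proto, dst_port) as the sniffer
# host would see them.  The last record is a constructed probe to an
# unused port, the kind of event a port monitor would log.
SAMPLE_PACKETS = [
    ("192.168.1.10", "192.168.1.20", "tcp", 22),
    ("192.168.1.20", "192.168.1.10", "tcp", 22),
    ("192.168.1.10", "10.0.0.5", "udp", 53),
    ("2001:db8::1", "2001:db8::2", "tcp", 6000),   # X11 to a remote display
    ("192.168.1.99", "192.168.1.20", "tcp", 111),  # constructed probe
]


def ptr_queries(packets):
    """Return the reverse-DNS query names a sniffer with name resolution
    enabled would emit, in first-seen order, one per unique address
    (a resolver caches answers, so repeats cost nothing on the wire)."""
    seen = {}
    for src, dst, *_ in packets:
        for addr in (src, dst):
            if addr not in seen:
                # reverse_pointer yields in-addr.arpa for IPv4, ip6.arpa for IPv6
                seen[addr] = ipaddress.ip_address(addr).reverse_pointer
    return list(seen.values())


def port_monitor_hits(packets, monitored_host, unused_ports):
    """Connection attempts to ports monitored_host does not listen on:
    what a port monitor flags.  A promiscuous-mode capture never
    originates such packets; its own traffic is limited to things like
    the PTR queries above and X traffic to a remote display."""
    return [(src, port) for src, dst, _proto, port in packets
            if dst == monitored_host and port in unused_ports]


if __name__ == "__main__":
    for name in ptr_queries(SAMPLE_PACKETS):
        print("PTR query:", name)
    for src, port in port_monitor_hits(SAMPLE_PACKETS, "192.168.1.20", {1, 7, 9, 111}):
        print("port-monitor hit from", src, "on port", port)
```

Disabling name resolution in the capture tool (the "-n" flag in tcpdump and Wireshark) removes the PTR traffic entirely; it is the usual setting for a monitoring host that is meant to stay quiet.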