Ethereal-users: Re: [Ethereal-users] Using Ethereal on Win 2000 Laptop

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxx>
Date: Thu, 19 Jul 2001 11:39:16 -0700 (PDT)

> I am confused, can somebody explain to me why having installed this on my
> machine that uses a Xircom dual port dial-up/lan pcmcia card it doesn't
> support capturing on a PPP/WAN interface.

Ethereal can only capture packets if the library/driver/etc. it uses to
capture packets (which are *not* part of Ethereal) can; the WinPcap
library and driver, which it uses on Windows, don't support capturing on
those interfaces on Windows NT (including Windows NT 5.0, a/k/a "Windows
2000").

You should ask the WinPcap developers why that is (I think the problem
might be that some of the plumbing inside the NT kernel only works if
the driver has the same name as the driver that comes with Microsoft
Network Monitor, i.e. Microsoft threw in a hack for the benefit of
NetMon, but I'm not certain of that).

> Does this mean I cannot use it at all

The problem that prevents it from capturing on PPP/WAN interfaces
doesn't prevent it from capturing on LAN interfaces; the Xircom card is
a single *card*, but has two *interfaces* on it (and one of them is, I
suspect, really just a serial port; the actual PPP interface is
implemented by a bunch of code in the kernel that implements the PPP
protocol atop a raw serial line) - the fact that Ethereal may not be
able to capture on one of them (which may just mean that it can open the
device, but won't see any packets) doesn't affect whether it can capture
on the other, as they're completely independent network interfaces from
the software's point of view.

> or am I missing something basic here? It can't open my adaptor

You'd have to ask the WinPcap people why that is; Ethereal just calls a
routine in the WinPcap library to open the interface, and, if that
library can open the interface, so can Ethereal.

The WinPcap people can be reached at

	winpcap@xxxxxxxxxxxxxxxxxxxxxxx

The home page for WinPcap is at

	http://netgroup-serv.polito.it/winpcap/

and the FAQ for it is at

	http://netgroup-serv.polito.it/winpcap/misc/faq.htm

which says, among other things

	Q-4: Can I use WinPcap on a PPP connection?

	A: We have tested WinPcap on PPP connections under Windows 95,
	Windows 98 and Windows ME.  In Windows 95, due to a bug in NDIS,
	WinPcap sometimes resets the PPP connection.  In Windows 98/ME
	this bug appears to be corrected, and WinPcap seems to work
	properly.  Under Windows NT and Windows 2000 there are problems
	with the binding process, that prevents a protocol driver from
	working properly on the WAN adapter.

> That seems daft as why should the application exist for a Win 2000 OS when
> it cannot work.

Because

	1) Windows 2000 is not the only Win32 OS, so even if it didn't
	   work at all on Windows 2000, it would be daft not to make it
	   available for Windows 95/98/ME or Windows NT 4.0;

	2) it *does* work on at least some Windows 2000 machines.