
Ethereal-users: Re: [Ethereal-users] Re: ethereal on Win XP

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Jens Hektor <hektor@xxxxxxxxxxxxxxxxx>
Date: Wed, 13 Feb 2002 08:14:35 +0100
Guy Harris wrote:

> "Runs" in the sense that "windump -D" reports the device, or "runs" in
> the sense that you can do
>
> 	windump -i \Device\Packet_{58634D63-6C4F-4607-AEB3-A1BBB4EA120A}
>
> and it captures packets?

Yes. Simply yes.


> Not astonishing in the least if you know the way that WinDump and
> Ethereal generate their lists.
>
> WinDump just dumps the list of devices that WinPcap gives it.
>
> Ethereal, however, actually tries to open the device, as the fact that a
> device is reported to exist by some mechanism doesn't mean you can

Maybe the "open" call is done in a different way than windump does it? Sorry. I did *not*
use the force and read the source ;-)


> actually open it with libpcap/WinPcap.  (For example, the loopback
> device shows up in the list you get from Solaris, but you can't capture
> on it.)

Do I have to be "root" (aka Administrator) on my XP box, or is it enough
to be a user with administrative rights to run ethereal?

Or could it be another process blocking the device?

The system message however is "file not found" (in German:
"das System kann die angegebene Datei nicht finden").



> What happens if you run
>
> 	windump -i \Device\Packet_{58634D63-6C4F-4607-AEB3-A1BBB4EA120A}

As I said: it "runs" and behaves as expected:

C:\Temp\Giftschrank>windump -i \Device\Packet_{58634D63-6C4F-4607-AEB3-A1BBB4EA120A} icmp
windump: listening on\Device\Packet_{58634D63-6C4F-4607-AEB3-A1BBB4EA120A}
07:56:40.542011 linuxc10.rz.RWTH-Aachen.DE > nb-hektor.rz.rwth-aachen.de: icmp: echo request (DF)
07:56:40.542055 nb-hektor.rz.rwth-aachen.de > linuxc10.rz.RWTH-Aachen.DE: icmp: echo reply (DF)
07:56:41.533242 linuxc10.rz.RWTH-Aachen.DE > nb-hektor.rz.rwth-aachen.de: icmp: echo request (DF)
07:56:41.533290 nb-hektor.rz.rwth-aachen.de > linuxc10.rz.RWTH-Aachen.DE: icmp: echo reply (DF)

And as I said: giving the device above to ethereal does not help.
Same with the command-line option "-i".

Regards, Jens Hektor