Ethereal-users: Re: [Ethereal-users] Re: ethereal on Win XP

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Loris Degioanni" <loris@xxxxxxxxxxxxxxxxxxxxxxx>
Date: Wed, 13 Feb 2002 11:16:55 +0100
Note that not only Ethereal, but also windump and all the applications that
rely on winpcap actually try to open every available device when performing
a pcap_lookupdev(). This function uses the PacketGetAdapterNames() function
of packet.dll, which tries to open every adapter it detects to get the
description of the device. In practice, only valid and openable adapters are
returned by pcap_lookupdev() under Win32.

Loris


> > Again: "windump" runs, "ethereal" does not.
>
> "Runs" in the sense that "windump -D" reports the device, or "runs" in
> the sense that you can do
>
> windump -i \Device\Packet_{58634D63-6C4F-4607-AEB3-A1BBB4EA120A}
>
> and it captures packets?
>
> > So here is the output of  "windump -D" (is there a program named
> > "winpcap" ?)
> >
> >     C:\Temp\Giftschrank>windump.exe -D
> >     1.\Device\Packet_{58634D63-6C4F-4607-AEB3-A1BBB4EA120A} (Intel 8255x-based Integrated Fast Ethernet (Microsoft's Packet Scheduler) )
> >     2.\Device\Packet_NdisWanIp (NdisWan Adapter (Microsoft's Packet Scheduler) )
> >
> > If I insert the 1st device into the Ethereal dropdown as suggested by
> > Thomas,
> > I just get the above mentioned message.
> >
> > With that finding the winpcap people already sent me to
> > "ethereal-users", and now I'm
> > getting bounced back.
> >
> > Astonishing is, that windump offers two interfaces, but ethereal just
> > presents an empty list.
>
> Not astonishing in the least if you know the way that WinDump and
> Ethereal generate their lists.
>
> WinDump just dumps the list of devices that WinPcap gives it.
>
> Ethereal, however, actually tries to open the device, as the fact that a
> device is reported to exist by some mechanism doesn't mean you can
> actually open it with libpcap/WinPcap.  (For example, the loopback
> device shows up in the list you get from Solaris, but you can't capture
> on it.)
>
> What happens if you run
>
> windump -i \Device\Packet_{58634D63-6C4F-4607-AEB3-A1BBB4EA120A}
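
The difference discussed in this thread, between listing every device the driver reports and keeping only the devices that actually open, shown as an added example that is not from the original messages or from the Ethereal/WinPcap sources. It uses the libpcap calls pcap_findalldevs() and pcap_open_live() rather than the pcap_lookupdev()/PacketGetAdapterNames() path named above; filter_openable, stub_probe, pcap_probe and the dev_* names are hypothetical, constructed for illustration.

```c
/* Real devices: cc -DHAVE_PCAP probe.c -lpcap. Default build: constructed names. */
#include <stdio.h>
#include <string.h>
#ifdef HAVE_PCAP
#include <pcap.h>
/* Real probe: open the device briefly, then close it again. */
int pcap_probe(const char *name)
{
    char err[PCAP_ERRBUF_SIZE];
    pcap_t *p = pcap_open_live(name, 68, 0, 100, err);
    if (p == NULL) { fprintf(stderr, "skip %s: %s\n", name, err); return 0; }
    pcap_close(p);
    return 1;
}
#endif

typedef int (*probe_fn)(const char *name);  /* 1 = device opens, 0 = not */
/* Keep only the names the probe can open; returns how many were kept. */
size_t filter_openable(const char **names, size_t n, probe_fn probe, const char **out)
{
    size_t kept = 0;
    for (size_t i = 0; i < n; i++)
        if (names[i] != NULL && probe(names[i]))
            out[kept++] = names[i];
    return kept;
}

/* Constructed stand-in probe: names containing "locked" fail to open. */
int stub_probe(const char *name) { return strstr(name, "locked") == NULL; }

int main(void)
{
    const char *names[64] = { "dev_ok", "dev_locked", "dev_ok2" }, *ok[64];
    size_t n = 3;                       /* constructed sample list */
    probe_fn probe = stub_probe;
#ifdef HAVE_PCAP
    char err[PCAP_ERRBUF_SIZE];
    pcap_if_t *all = NULL, *d;
    if (pcap_findalldevs(&all, err) == -1) { fprintf(stderr, "%s\n", err); return 1; }
    for (n = 0, d = all; d != NULL && n < 64; d = d->next) names[n++] = d->name;
    probe = pcap_probe;
#endif
    size_t kept = filter_openable(names, n, probe, ok);
    printf("%zu reported, %zu openable\n", n, kept);
    for (size_t i = 0; i < kept; i++) printf("  %s\n", ok[i]);
#ifdef HAVE_PCAP
    pcap_freealldevs(all);
#endif
    return 0;
}
```

A gap between the "reported" and "openable" counts is the situation the thread describes: a tool that only prints the reported list shows devices that a tool probing each one leaves out.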