Ethereal-users: Re: [Ethereal-users] New to capturing, ?about capturing from specific IP
Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.
Guy Harris on Fri, 10 Dec 2004 14:07:51 -0800 said:
> ...which means you will have to wait until somebody with software
> capable of reading that particular file looks at your mail
I can, I looked. It's a beautiful high definition high colour representation of an error message that has nothing to do with capture filters and probably very little to do with Ethereal: "The capture session could not be initiated (Error opening adapter: The system cannot find the device specified.).", plus note about WinPcap and PPP/WAN interfaces.
Richard, I think the capture filters suggested in previous messages were correct but you haven't got that far yet. I suggest you use no filter for now - first get to a state where you can capture anything! Go to the "Interface" drop-down box in the Capture Options dialog and click on the down arrow. Windows interface names are usually not helpful, I suggest you try each in turn and see what happens. When you've identified them you can give them meaningful names (Edit > Preferences > Capture > Interfaces: Edit).
If none of the interfaces works the problem is probably with WinPcap. Which version are you using?
Try WinDump in place of Ethereal. This is always a good idea if you suspect a WinPcap problem, or need to distinguish between a WinPcap problem and an Ethereal problem. You can get WinDump from http://windump.polito.it/
If WinDump has the same problem as Ethereal, then it's a WinPcap problem. Go to http://winpcap.polito.it/contact.htm
If WinDump works but Ethereal doesn't, it's an Ethereal problem. Continue with this thread.
Further to Guy's comments about screenshots and big downloads: It was the rtf file that caused the real pain. I guess you used Rich Text Format so it could be opened by non-MS Office programs, but you should have checked the file sizes! The rtf was about 20 times bigger than the doc.
Suggestion for developers: It might be a good idea to also send error text to stderr if there's a console window open, and add an FAQ instructing people submitting problem reports to open a console window. Many people believe that you can't copy text from a Windows console, but (at least in my experience) you can. The method may change with different versions. Generally: Click on the icon at the left of the console window's title. Select Edit > Mark from the menu. The cursor changes to a flashing blob at the top left. Use the mouse or shift+arrows to mark all the text you want. Press return (not control-C). The marking disappears, the previous cursor returns and you may think nothing's happened, but the text has been copied. Go to your email or text editor and paste.
Julian.
