Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Ethereal-users: RE: [Ethereal-users] 'any' on Solaris 10?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: "Stefan A." <lists@xxxxxxxx>
Date: Fri, 22 Jul 2005 22:58:46 +0200
Guy,

Thanks for your answer.

> So those are packets being sent to another machine, rather than being 
> sent from the machine to itself?
> 

No, the connection came from my box to an other box. I saw no outgouing
trafic, but the incoming answers.
It was all UDP (RADIUS) and initiated by Perl client SW (Authen::RADIUS)
using an subinterface.

Using the physical Interface, it was OK.
Disabeling the promiscous mode: anything worked fine, even on the
subinterfaces.

I've no clue, if it would have worked on my SuSe 9.1, because there I's
using the any interface, which did not support the p-mode anyway.

Anything works fine for me now (ruled by Solaris :), this last question was
just interesting to me.

Tx again.
Rg. Stefan


> 
> Stefan A. wrote:
> 
> > I'm new to Solaris but have been using ethereal for some years.
> > 
> > (1) on SuSe 8and on Windows?), there is an 'any' interface 
> available, which
> > captures all packets on all interfaces.
> 
> Linux has it, Windows doesn't.  The Linux networking stack 
> lets you have 
> a PF_PACKET socket that's not bound to a network interface, and that 
> receives packets from all interfaces.  WinPcap doesn't 
> support that; it 
> might be that NDIS doesn't let you capture packets without 
> connecting to 
> a particular interface.
> 
> > On Solaris (eri and qfe) this interface seems to be not available.
> 
> DLPI, as used on various OSes including Solaris, doesn't support that 
> either, so there's no "any" device.
> 
> > (2) I'm using a lot of subinterfaces on the box (qfe0:1 ... 
> 18). What I've
> > expirienced in addition is, that I can not see packets sent from one
> > subinterface to an other (e.g. qfe0:2 > qfe0:6), which I 
> have to use fpor
> > testing purposes.
> 
> Packets sent from a machine to itself are, as far as I know, 
> on Solaris, 
> not supplied to DLPI, and are therefore uncapturable by libpcap.
> 
> > (3) An other thing: If I'm using the promiscous mode on the 
> Interface, I can
> > not see any packets leaving th box over a subinterface. The 
> answers are
> > captured fine. (e.g. I see the RADIUS Access Accept and two 
> Accounting ACKs
> > for a single RADIUS Session).
> 
> So those are packets being sent to another machine, rather than being 
> sent from the machine to itself?
> > _______________________________________________
> Ethereal-users mailing list
> Ethereal-users@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/ethereal-users
>
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube