Ethereal-dev: Re: [Ethereal-dev] MAC Sniffing

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxx>
Date: Mon, 20 Jan 2003 14:16:50 -0800

On Mon, Jan 20, 2003 at 02:59:21PM -0700, Gregory Gordon wrote:
> I've been developing a Windows 2000/XP sniffer for several months now.  I've
> never figured out how to sniff the MAC address though.  It seems that by the
> time the data gets to me, the MAC address and the network header have
> already been removed from the packet by the OS.

If you're using WinPcap, that doesn't happen for Ethernet, at least;
WinDump and Ethereal can report the MAC address - the packet is
delivered complete with Ethernet header, just as happens on other
platforms that support libpcap.

If you're not using WinPcap, try using that instead of whatever else
you're using.
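
The reply above says that on Ethernet the capture library hands over each frame with its Ethernet header intact. As an added example (not part of the original post, and not WinPcap or Ethereal code), this is how a capture callback could read the MAC addresses out of such a buffer. The names `parse_ethernet`, `struct eth_info` and the sample frame are assumptions made up for the illustration; in a real program the bytes and length would come from the pcap callback after confirming `pcap_datalink()` returns `DLT_EN10MB`.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EN10MB_HDR_LEN 14      /* 6 dst + 6 src + 2 EtherType */
#define ETHERTYPE_8021Q 0x8100 /* VLAN tag present */

struct eth_info {              /* hypothetical result type for this example */
    char dst[18];
    char src[18];
    uint16_t ethertype;
};

static void fmt_mac(const uint8_t *m, char out[18]) {
    snprintf(out, 18, "%02x:%02x:%02x:%02x:%02x:%02x",
             m[0], m[1], m[2], m[3], m[4], m[5]);
}

/* Parse the link-layer header of one captured Ethernet frame.
 * caplen is the number of bytes actually captured (may be cut by snaplen).
 * Returns 0 on success, -1 if the capture is too short to hold the header. */
int parse_ethernet(const uint8_t *pkt, size_t caplen, struct eth_info *out) {
    if (caplen < EN10MB_HDR_LEN)
        return -1;
    fmt_mac(pkt, out->dst);        /* destination MAC comes first on the wire */
    fmt_mac(pkt + 6, out->src);
    uint16_t type = (uint16_t)((pkt[12] << 8) | pkt[13]);
    if (type == ETHERTYPE_8021Q) { /* real EtherType sits after the 4-byte tag */
        if (caplen < EN10MB_HDR_LEN + 4)
            return -1;
        type = (uint16_t)((pkt[16] << 8) | pkt[17]);
    }
    out->ethertype = type;
    return 0;
}

/* Constructed sample: broadcast ARP frame, truncated after a few payload bytes. */
static const uint8_t sample_frame[] = {
    0xff, 0xff, 0xff, 0xff, 0xff, 0xff,   /* dst: broadcast */
    0x02, 0x00, 0x00, 0x00, 0x00, 0x01,   /* src: constructed, locally administered */
    0x08, 0x06,                           /* EtherType: ARP */
    0x00, 0x01, 0x08, 0x00                /* start of ARP payload */
};

int main(void) {
    struct eth_info e;
    if (parse_ethernet(sample_frame, sizeof sample_frame, &e) == 0)
        printf("%s -> %s type 0x%04x\n", e.src, e.dst, e.ethertype);
    return 0;
}
```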