Ethereal-users: Re: [Ethereal-users] gryphon.dll and mgcp.dll
Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.
From: Guy Harris <guy@xxxxxxxxxx>
Date: Sun, 18 Feb 2001 18:34:01 -0800 (PST)
> > I just downloaded both "ethereal-0.8.15-capture.zip" and
> > "ethereal-0.8.15-non-capture.zip", and the UNIX "unzip" program extracts
> > both "gryphon.dll" and "mgcp.dll".
>
> Thank you very much, Mr. Harris. I thought that the extra DLLs, gryphon.dll
> and mgcp.dll, would be in one of the extra DLLs zip file, not in the ethereal
> zip file itself.

Nope, the "extra DLL's" are extra DLLs in the package of GTK+/GLib libraries; "gryphon.dll" and "mgcp.dll" are part of Ethereal itself.

> I do have one more question, though, and this one isn't quite as silly - at
> least, I don't think it is. I got everything up and running, I go to start
> the capture, and everything starts up great. I'm running no filters,
> capturing 0(infinite) number of packets, but then the count of packets
> sniffed just stays at zero, as though there was no network traffic at all. I
> look down at the lights on my network card, and there is traffic hitting my
> adapter. I even created a little traffic myself by loading up netscape or
> FTP or something. The traffic just won't register in Ethereal. I've checked
> to see that my packet recognition protocol is installed, and it is.
>
> One probable cause in my mind is that I have my packet recognition protocol
> (winpcap) improperly installed. I've checked it, though, and it seems to be
> installed okay. I did want to check to see if I've got the right one,
> though. The one I have installed right now is called "Network Packet Driver
> for Win95/98 v 2.02 -> Dial-Up Adaptor". At least, that's what the title is
> for the protocol in my network properties window. I'm not doing this on my
> dial up adapter, I'm using a NIC, so I'm not sure why the protocol says
> that. Is this the wrong driver? In the properties for this protocol,
> there's nothing there to change its bindings.

I'm not familiar with all the peculiarities of the WinPcap driver on Windows 9x (I just run it on NT), so I'll just forward the question to ethereal-users - I forget whether the WinPcap developers read it, or ethereal-dev, or both.

You might want to try downloading WinDump:

    http://netgroup-serv.polito.it/windump/

and, if that also sees no traffic, asking "winpcap@xxxxxxxxxxxxxxxxxxxxxxx" about it (as per the WinPcap home page:

    http://netgroup-serv.polito.it/winpcap/

which says "Please send bug reports to winpcap@xxxxxxxxxxxxxxxxxxxxxxx.").

> Another problem might have something to do with my limited understanding of
> my own network. We're using a cable modem here at home. The cable modem
> runs to a network hub, then to four different computers, including mine.
> Traffic is constantly running on the line (my Tx/Rx light is always
> blinking), and my understanding was that the cable modem broadcasts all
> messages, much like an Ethernet. If I am mistaken, and the protocol running
> over our cable line is unique to AT&T Broadband, it is very likely that the
> packets would be unrecognizable to Ethereal. That would explain this too.

Ethereal listens only on the network segment to which the machine on which it's running is attached. Your network appears to consist, roughly, of

    1) an Ethernet segment implemented by the hub (although things are more complicated if it's a switching hub);

    2) a cable-modem-link-layer-protocol (whatever protocol that might happen to be; I don't know if they all use IEEE 802.14 protocols, or not) segment, to which your cable modem is attached.

The only machine in your house attached to the latter segment is your cable modem, and Ethereal presumably isn't running on that, it's running on a computer attached to the hub, i.e. on the Ethernet segment.

Therefore, the traffic it sees is Ethernet traffic on the particular Ethernet cable going between your machine and the hub, which means it's not going to see frames whose link-layer protocol is the protocol used on the cable modem segment, it's going to see Ethernet frames. There may be some proprietary protocols used *on top of Ethereal's Ethernet view*, i.e. *on top of Ethernet*, but those would be "unrecognizable to Ethereal" only in the sense that it'd display them as Ethernet packets (or IEEE 802.3 packets) with an unknown type/DSAP/whatever; it'd still see them.
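
The last point of the message above, as an added example that is not part of the original message and is not Ethereal's code: a frame carrying an unrecognized protocol is still decoded as Ethernet II or IEEE 802.3, just with an unknown type or DSAP. The lookup tables, the helper build() and all sample frames are constructed for illustration.

```python
import struct

# Small lookup tables of well-known values; anything absent is "unknown".
ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6"}
LLC_DSAPS = {0x42: "Spanning Tree", 0xAA: "SNAP", 0xE0: "NetWare", 0xF0: "NetBIOS"}


def classify_frame(frame: bytes) -> dict:
    """Classify one captured frame by its Ethernet type/length field."""
    if len(frame) < 14:
        raise ValueError("truncated: shorter than the 14-byte Ethernet header")
    (type_len,) = struct.unpack("!H", frame[12:14])
    info = {"dst": frame[0:6].hex(":"), "src": frame[6:12].hex(":")}
    if type_len >= 0x0600:
        # Values of 0x0600 and above are an EtherType (Ethernet II framing).
        info["framing"] = "Ethernet II"
        info["protocol"] = ETHERTYPES.get(type_len, f"unknown type 0x{type_len:04x}")
    elif type_len <= 1500:
        # Values up to 1500 are a payload length; an 802.2 LLC header follows.
        info["framing"] = "IEEE 802.3"
        if len(frame) < 17:
            raise ValueError("truncated: no room for DSAP/SSAP/control")
        dsap = frame[14]
        info["protocol"] = LLC_DSAPS.get(dsap, f"unknown DSAP 0x{dsap:02x}")
    else:
        # 1501..1535 is neither a valid length nor a valid EtherType.
        info["framing"] = "invalid"
        info["protocol"] = f"undefined type/length 0x{type_len:04x}"
    return info


def build(type_len: int, payload: bytes) -> bytes:
    """Constructed sample frame: broadcast dst, locally administered src."""
    return bytes.fromhex("ffffffffffff020000000001") + struct.pack("!H", type_len) + payload


# Constructed sample frames (not from a real capture).
SAMPLES = {
    "ipv4": build(0x0800, b"\x45" + bytes(19)),
    "vendor_ethertype": build(0x88B5, b"\x01\x02\x03\x04"),  # IEEE local-experimental type
    "stp": build(38, b"\x42\x42\x03" + bytes(35)),
    "vendor_dsap": build(8, b"\x7c\x7c\x03" + bytes(5)),
}

if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        print(name, classify_frame(frame))
```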