Guy, your suggestion to open up preferences, and then
select Save did the trick. I closed Ethereal, then
reopened it, started packet sniffing and I see it
capturing my mail.yahoo.com packets!!
Thanks for letting me know about that bug... it was
driving me buggy! :)
Anthony
--- Guy Harris <gharris@xxxxxxxxx> wrote:
> On Thu, Jul 05, 2001 at 12:43:07PM -0700, Anthony
> Abby wrote:
> > I can see lots of ARP, BROWSER, and DNS packets
> being
> > captured off the line,
>
> With the exception of the DNS packets, those tend to
> be broadcast
> packets, so this sounds like a promiscuous-mode or
> switched-network
> issue.
>
> > but I do not see any packets
> > being capture related to http/smtp/pop
>
> Those are TCP-based protocols, so those packets
> aren't broadcast
> packets.
>
> > When I started the packet sniffing I had selected
> to
> > capture in promiscuous mode and didn't receive an
> > error, although I'm not sure I would or not if my
> NIC
> > will not support promiscuous mode.
>
> 1) It's conceivable that the NIC doesn't support
> promiscuous mode, or
> that the driver doesn't enable it, but if it's an
> Ethernet interface,
> that's *probably* not the problem.
>
> 2) Due to a bug in Ethereal 0.8.18, if, in that
> version, you do an
> "Update list of packets in real time" capture, it
> won't run in
> promiscuous mode, even if you've selected it,
> unless Ethereal is
> explicitly configured to do promiscuous captures
> by default.
>
> To configure it to do promiscuous captures by
> default, do a
> promiscuous-mode capture, stop the capture,
> select the "Preferences"
> item under the "Edit" menu, and click "Save", and
> then exit Ethereal.
>
> 3) Even if promiscuous mode *is* enabled, if you're
> on a switched
> network (note that some "hubs" are, in fact,
> switches), a machine
> running on one port probably won't see any
> unicast traffic other than
> traffic to or from that machine.
>
> To get around that, you'd have to set up the port
> into which the
> machine running Ethereal (or any *other* packet
> analyzer; that
> problem isn't specific to Ethereal) is plugged so
> that traffic on
> other ports is "mirrored" to that port. Not all
> switches necessarily
> support that type of "port mirroring", and the
> way it's done is
> dependent on the switch - I don't know how to
> configure any
> particular switches to do that, you'd have to
> check the documentation
> for the switch.
__________________________________________________
Do You Yahoo!?
Get personalized email addresses from Yahoo! Mail
http://personal.mail.yahoo.com/
