Ethereal-users: [Ethereal-users] Libcrypto.so.0
Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.
From: "Berry, Richard" <BerryR@xxxxxxxxxxxxxxxxxxx>
Date: Wed, 7 Nov 2001 09:02:25 -0600
I was just trying to load Ethereal 0.8.20 (and 0.8.19 when that didn't work) on RH Linux 7.2. When either trying to install the RPM's, it says that it needs libcrypto.so.0. I have the newest version of openssl installed on the box, but it doesn't seem to do any good. This also happened in 7.1. I know there's something obvious I'm overlooking, but my Linux background isn't as deep as I'd like (or as it's going to be). Any ideas? (I tried compiling the source, but ran into similar problems; if it would help, I can put the specific messages here). Richard Berry LAN Engineer - Principal "Si hoc legere scis numium eruditionis habes." -----Original Message----- From: ethereal-users-request@xxxxxxxxxxxx [mailto:ethereal-users-request@xxxxxxxxxxxx] Sent: Wednesday, November 07, 2001 6:31 AM To: ethereal-users@xxxxxxxxxxxx Subject: Ethereal-users digest, Vol 1 #453 - 14 msgs Send Ethereal-users mailing list submissions to ethereal-users@xxxxxxxxxxxx To subscribe or unsubscribe via the World Wide Web, visit http://www.ethereal.com/mailman/listinfo/ethereal-users or, via email, send a message with subject or body 'help' to ethereal-users-request@xxxxxxxxxxxx You can reach the person managing the list at ethereal-users-admin@xxxxxxxxxxxx When replying, please edit your Subject line so it is more specific than "Re: Contents of Ethereal-users digest..." Today's Topics: 1. New User - Capture filter question (jeanne_gaskill@xxxxxxxxxxxxxx) 2. Information on Internet packet monitoring/analysis (jeanne_gaskill@xxxxxxxxxxxxxx) 3. Re: New User - Capture filter question (Guy Harris) 4. RE: tethereal - turning dissectors off (David Erickson) 5. Re: question about CLNP (Guy Harris) 6. Re: tethereal - turning dissectors off (Guy Harris) 7. Re: Sniffing on HP Token Ring cards (Guy Harris) 8. problem with reading AIX iptrace file (apparently giop creates a problem) (Porky Pig) 9. Re: problem with reading AIX iptrace file (apparently giop creates a problem) (Guy Harris) 10. Ethereal question (David Labanda) 11. beaconing packet (Peter Rennert) 12. Ethereal Does not load (Rodney Womack) --__--__-- Message: 1 To: ethereal-users@xxxxxxxxxxxx From: jeanne_gaskill@xxxxxxxxxxxxxx Date: Tue, 6 Nov 2001 11:09:10 -0800 Subject: [Ethereal-users] New User - Capture filter question This is a multipart message in MIME format. --=_alternative 0069CB2188256AFC_= Content-Type: text/plain; charset="us-ascii" I have not been able to make sense of the TCPDump man page and have never worked with TCPDump before. Please help with a couple of questions to get me started. I think I'll be able to make sense of the man page after that. Q1: If I wanted to apply a capture filter so that I could capture say three different types of packets, what would the exact syntax be. For arguments sake, let's say I want to capture TCP, AARP and DNS packets. Q2: If I wanted to view only traffic to or from a particular IP address and only see packets of the same three types I mentioned above, what would the exact syntax be. Thanks in advance for this info. Jeanne --=_alternative 0069CB2188256AFC_= Content-Type: text/html; charset="us-ascii" <br><font size=2 face="sans-serif">I have not been able to make sense of the TCPDump man page and have never worked with TCPDump before. Please help with a couple of questions to get me started. I think I'll be able to make sense of the man page after that.</font> <br> <br><font size=2 face="sans-serif">Q1: If I wanted to apply a capture filter so that I could capture say three different types of packets, what would the exact syntax be. For arguments sake, let's say I want to capture TCP, AARP and DNS packets.</font> <br> <br><font size=2 face="sans-serif">Q2: If I wanted to view only traffic to or from a particular IP address and only see packets of the same three types I mentioned above, what would the exact syntax be.</font> <br> <br><font size=2 face="sans-serif">Thanks in advance for this info.</font> <br> <br><font size=2 face="sans-serif">Jeanne</font> <br> --=_alternative 0069CB2188256AFC_=-- --__--__-- Message: 2 To: ethereal-users@xxxxxxxxxxxx From: jeanne_gaskill@xxxxxxxxxxxxxx Date: Tue, 6 Nov 2001 11:20:28 -0800 Subject: [Ethereal-users] Information on Internet packet monitoring/analysis This is a multipart message in MIME format. --=_alternative 006AD3CF88256AFC_= Content-Type: text/plain; charset="us-ascii" Hi, I work with Sniffer Po and Microsoft Network Monitor sniffs. I am also beginning to use Ethereal as well. I think I like it alot better than Microsoft Network Monitor, but I am still experimenting. Does anyone know of any books or internet sites that have good information on monitoring/analyzing internet traffic. I can find lots of things on network (Lan/Wan) monitoring and analysis, but very little on monitoring/analyzing internet traffic. I am definitely applying a number of things I am finding at this level to my work. But the network monitoring/analysis resources that I can find do not seem to directly address a number of the types of issues that I am working with. I am especially looking for things on what various anomylous patterns mean (i.e. many multiple acks to the same packet, abnormally large #s of resets, other unusual patterns, ...), information on using sniffer traces for latency analysis, and just general troubleshooting hints for analyzing breakdowns or slowdowns in communication between internet sites. This would be very useful information which I could compare against and/or incorporate into the procedures we are already using/developing on our own. Thanks in advance for any leads anyone can provide. Jeanne --=_alternative 006AD3CF88256AFC_= Content-Type: text/html; charset="us-ascii" <br><font size=2 face="sans-serif">Hi,</font> <br> <br><font size=2 face="sans-serif">I work with Sniffer Po and Microsoft Network Monitor sniffs. I am also beginning to use Ethereal as well. I think I like it alot better than Microsoft Network Monitor, but I am still experimenting.</font> <br> <br><font size=2 face="sans-serif">Does anyone know of any books or internet sites that have good information on monitoring/analyzing internet traffic. I can find lots of things on network (Lan/Wan) monitoring and analysis, but very little on monitoring/analyzing internet traffic. I am definitely applying a number of things I am finding at this level to my work. But the network monitoring/analysis resources that I can find do not seem to directly address a number of the types of issues that I am working with. I am especially looking for things on what various anomylous patterns mean (i.e. many multiple acks to the same packet, abnormally large #s of resets, other unusual patterns, ...), information on using sniffer traces for latency analysis, and just general troubleshooting hints for analyzing breakdowns or slowdowns in communication between internet sites. This would be very useful information which I could compare against and/or incorporate into the procedures we are already using/developing on our own.</font> <br> <br><font size=2 face="sans-serif">Thanks in advance for any leads anyone can provide.</font> <br> <br><font size=2 face="sans-serif">Jeanne</font> <br> --=_alternative 006AD3CF88256AFC_=-- --__--__-- Message: 3 From: Guy Harris <guy@xxxxxxxxxx> Subject: Re: [Ethereal-users] New User - Capture filter question To: jeanne_gaskill@xxxxxxxxxxxxxx Date: Tue, 6 Nov 2001 11:52:04 -0800 (PST) Cc: ethereal-users@xxxxxxxxxxxx > Q1: If I wanted to apply a capture filter so that I could capture say > three different types of packets, what would the exact syntax be. For > arguments sake, let's say I want to capture TCP, AARP and DNS packets. It would be tcp or aarp or port domain (the third of those selects DNS packets on port 53, assuming that the OS you're using will translate "domain" to 53 in its "getservbyname()" call; that should be true of most if not all modern UNIXes, and appears to be true on my Windows 2000 machine, at least). > Q2: If I wanted to view only traffic to or from a particular IP address > and only see packets of the same three types I mentioned above, what would > the exact syntax be. host 208.66.74.60 and (tcp or aarp or port domain) --__--__-- Message: 4 Subject: RE: [Ethereal-users] tethereal - turning dissectors off Date: Tue, 6 Nov 2001 12:16:46 -0800 From: "David Erickson" <derickson@xxxxxxx> To: "Guy Harris" <guy@xxxxxxxxxx> Cc: <ethereal-users@xxxxxxxxxxxx> Is there a way to achieve the desired result by modifying the make file or removing files from the source repository and building tethereal without the unwanted sub-dissectors? i.e. is tethereal built in such a way that subdissectors can be cleanly and simply removed?=20 -----Original Message----- From: Guy Harris [mailto:guy@xxxxxxxxxx] Sent: Friday, November 02, 2001 2:51 PM To: David Erickson Cc: ethereal-users@xxxxxxxxxxxx Subject: Re: [Ethereal-users] tethereal - turning dissectors off > Is there a way to run tethereal with specified protocol dissectors > turned off? No. Nobody's written code to do that yet. --__--__-- Message: 5 From: Guy Harris <guy@xxxxxxxxxx> Subject: Re: [Ethereal-users] question about CLNP To: =?ISO-8859-1?Q?=22Garc=EDa=2C_Federico=22?= <fedgarcia@xxxxxxxxxxxx> Date: Tue, 6 Nov 2001 12:20:27 -0800 (PST) Cc: ethereal-users@xxxxxxxxxxxx > I dont understand why Ethereal works with CLNP (ISO-8473) but I can=B4t > find anything about filtering this with Windump/Winpcap. The reason why you can't find anything in the documentation is because the man page on the WinDump site hasn't yet been updated to the tcpdump 3.6.2 man page, even though the current version of WinDump is 3.6.2, based on tcpdump 3.6.2. Note, however, that the current version of WinPcap is still 2.2, based on libpcap 0.5. The documentation for the filter expressions handled by libpcap/WinPcap is in the tcpdump/WinDump man page, not the libpcap/WinPcap man page. This means that if they were to update the man page, it would not match what the current version of WinPcap can do, so perhaps it's OK that they haven't updated it. Note that WinPcap and Ethereal are separate projects, as are WinDump and Ethereal, so Ethereal may be able to work with protocols that WinPcap can't, and *vice versa*. ("Work with" in the sense of "analyze".) Given that WinPcap is a library that WinDump and Ethereal (and Analyzer, and so on) use to capture packets, and is a separate project from WinDump and from Ethereal and from Analyzer and so on, it's also possible that WinPcap or Ethereal or Analyzer or... may be able to analyze protocols that WinPcap can't filter. > I thought that Ethereal uses that in a lower level. Yes, Ethereal users libpcap on UNIX, and WinPcap (which is a driver and low-level library for Windows, and a port of libpcap atop that driver and library) on Windows, to do packet capture. However, it does *not* use them to do dissection, so it's perfectly possible for a version of libpcap or WinPcap that knows nothing about filtering CLNP packets to be used by Ethereal without that preventing Ethereal from being able to dissect those packets. In addition, libpcap/WinPcap doesn't have to know about a protocol in order to capture packets of that protocol type; it just has to know about it in order to implement *packet filters* that check for that protocol type. (The next release of WinPcap will probably be able to handle CLNP, at least to the point that you can say iso protocol clnp or just clnp in a WinPcap filter expression, and that WinDump will be able to dissect CLNP packets to some degree; WinPcap 2.3 beta is based on libpcap 0.6.2, which supports that. The current release of WinDump is 3.6.2, which should already be able to dissect CLNP packets to some degree. Note that this means that WinDump 3.6.2 works with CLNP but, if you have WinPcap 2.2, rather than the beta version of WinPcap 2.3, isntalled, it > I wrote that because I need to capture packets with C++ and I already > have the Windump source available in internet. See "print-isoclns.c" for the code that prints CLNP packets in WinDump. --__--__-- Message: 6 From: Guy Harris <guy@xxxxxxxxxx> Subject: Re: [Ethereal-users] tethereal - turning dissectors off To: David Erickson <derickson@xxxxxxx> Date: Tue, 6 Nov 2001 12:21:50 -0800 (PST) Cc: Guy Harris <guy@xxxxxxxxxx>, ethereal-users@xxxxxxxxxxxx > Is there a way to achieve the desired result by modifying the make file > or removing files from the source repository and building tethereal > without the unwanted sub-dissectors? You may have to remove the "register.c" file first, but it *might* work if you do that. --__--__-- Message: 7 From: Guy Harris <guy@xxxxxxxxxx> Subject: Re: [Ethereal-users] Sniffing on HP Token Ring cards To: jason.scott@xxxxxxxxxxx Date: Tue, 6 Nov 2001 16:16:49 -0800 (PST) Cc: ethereal-users@xxxxxxxxxxxx > Is it possible to sniff either of the following token-ring cards on a > d-class hp-ux version 11 server. I asked somebody I know at HP about this; his reply: > None of the "product information" pages say anything about > promiscuous mode or DLPI support on the J2166A card. > > I couldn't find any obvious product information page about the > MDG0002 EISA card ... the EISA card is probably off the HP CLP. > Is it possible to sniff either of the following token-ring cards on a > d-class hp-ux version 11 server. > > 1) .Class I H/W Path Driver S/W State H/W Type Description > =================================================================== > lan 0 10/4/8 token2 CLAIMED INTERFACE HP J2166A - 802.5 Token Ring um, as near as I can tell a J2166A is an HP-PB card. There are no HP-PB slots in a D Class, only EISA and HSC, so the ioscan info above is not from a D Class. I'd be surprised if the HP-PB TR card supported promiscuous mode. I found what purports to be a Product Support Plan and it makes no mention of support for promiscuous mode in the EISA or HP-PB cards. Certainly that would imply that DL_PROMISC_PHYS is out. Whether or not the driver provides DL_PROMISC_SAP I do not know. (I assume "off the HP CLP" is equivalent to "so old that we don't even bother keeping information about it on the Web site".) Without DL_PROMISC_PHYS, you will not be able to sniff in promiscuous mode; you will only be able to see traffic that the machine running Ethereal (or tcpdump, or any other sniffer) receives and possibly traffic it sends as well (depending on whether the driver wraps sent traffic back when not in promiscuous mode; if it doesn't, you won't be able to see traffic the machine sends). This means that if you use tcpdump or Tethereal, you will have to run them with the "-p" flag, to turn promiscuous mode off, and if you use Ethereal, you will have to disable promiscuous mode in the "Capture Preferences" dialog box, if you want to sniff at all. Without DL_PROMISC_SAP - which is a function of the driver, *not* of the hardwware - you will not even be able to sniff traffic to and from the machine. If the driver doesn't support DL_PROMISC_SAP, tcpdump and Tethereal won't even work with the "-p" flag, and Ethereal won't even work if you disable promiscuous mode in the "Capture Preferences" dialog box. NOTE: if capturing doesn't work even with promiscuous mode turned off, that does not *ipso facto* mean that this is because DL_PROMISC_SAP isn't supported; the error message might indicate whether that was the problem or not, so we'd have to see the error message in order to determine that (and even that might not indicate whether that's the problem). --__--__-- Message: 8 Date: Tue, 6 Nov 2001 18:41:33 -0800 From: "Porky Pig" <porky_pig_jr@xxxxxxxxxxx> To: ethereal-users@xxxxxxxxxxxx Subject: [Ethereal-users] problem with reading AIX iptrace file (apparently giop creates a problem) Hello, this is my first attempt to use ethereal. The major reason is that I have to convert the capture traces taken on AIX to something Sniffer can understand. TCPDUMP on AIX is broken, so we use IPTRACE. Ethereal is installed on solaris 8, I've put the latest version (20), but the same results are with prior version, (19). The first IPTRACE file - no problems. I read it into Ethereal, and saved as SNOOP, NGSNIFFER, whatever. No problems. The second IPTRACE file - various problems. It has GIOP packets which apparently Ethereal has some problems with. As I read the file in, I get several messages: WARNING giop: We don't yet dissect LOCATION_FORWARD It does read the file, but I can't convert it into anything. Except save under the different name, but only as another IPTRACE file (with this file, a pull-down menu shows only one option, IPTRACE 2.0. Now another problem. I've thought of filtering out the offending packets (with GIOP), saving the file as IPTRACE, reload it, and hopefully it would work. Alas, somehow display filters with this file fail as well. I setup the filters, apply them, file is reloaded, and it doesn't show the offending packets anymore, but when I save it, somehow it saves everything. So I can't get rid of offending packets. (I know I apply filters correctly, on a first file I've tried the same filter type, and it worked just fine. I filter by IP addresses rather than by protocol GIOP). So I'm stuck. And there is no other utilities I can use to convert IPTRACE to non-AIX format. So Ethereal is my only hope. Any idea on what's wrong? TIA. ------------------------------------------------------------ --== Sent via Deja.com ==-- http://www.deja.com/ --__--__-- Message: 9 From: Guy Harris <guy@xxxxxxxxxx> Subject: Re: [Ethereal-users] problem with reading AIX iptrace file (apparently giop creates a problem) To: Porky Pig <porky_pig_jr@xxxxxxxxxxx> Date: Tue, 6 Nov 2001 18:53:00 -0800 (PST) Cc: ethereal-users@xxxxxxxxxxxx > The second IPTRACE file - various problems. It has GIOP packets which > apparently Ethereal has some problems with. As I read the file in, I > get several messages: > > WARNING giop: We don't yet dissect LOCATION_FORWARD > > It does read the file, but I can't convert it into anything. Except > save under the different name, but only as another IPTRACE file (with > this file, a pull-down menu shows only one option, IPTRACE 2.0. Now > another problem. I've thought of filtering out the offending packets > (with GIOP), Those packets *aren't* what's causing your problem. Ethereal's dissection function, and its capture file reading/writing functions, are separate; when it writes out a capture file, it writes out the raw packet data - whether there's something in the packet that its dissection function can't handle is irrelevant. (In fact, Ethereal comes with a program - editcap - which can also read capture files in one format and write them in another; editcap does not make *any* attempt whatsoever to dissect the contents of the packets.) The most likely reasons why it only allows you to save the file as an iptrace file are: 1) the file has packets of more than one link-layer type - iptrace's capture file format supports that, but other capture file formats don't; 2) the file has packets of only one link-layer type, but that's a link-layer type not supported by the capture file format you're trying to save as; 3) the file has packets of only one link-layer type, and the capture file format you're trying to save as supports it, but Ethereal doesn't know how to write out a capture file in that format with that link-layer type. What link-layer types are in the second iptrace file? Check all of the packets - if, for example, some are Ethernet and some are token-ring, you will probably not be able to save the file as anything other than an iptrace file. (Snoop and Sniffer, for example, can only handle one link-layer type per file.) --__--__-- Message: 10 From: "David Labanda" <dlabanda@xxxxxxxx> To: <ethereal-users@xxxxxxxxxxxx> Date: Wed, 7 Nov 2001 11:37:47 +0100 Subject: [Ethereal-users] Ethereal question This is a multi-part message in MIME format. ------=_NextPart_000_0004_01C16780.9F7FEB40 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Dear Sirs: At present our company is evaluating the Ethereal. Would you be kind enough as to tell us how to install libcap? Looking forward to your response, yours faithfully, David Labanda. ---------------------------------------------------------------------------- ---- David Labanda Network Engineer TCP SISTEMAS E INGENIERIA, S.L. ---------------------------------------------------------------------------- ---- ------=_NextPart_000_0004_01C16780.9F7FEB40 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML><HEAD><TITLE></TITLE> <META http-equiv=3DContent-Type content=3D"text/html; = charset=3Diso-8859-1"> <META content=3D"MSHTML 5.50.4134.600" name=3DGENERATOR></HEAD> <BODY> <P><FONT size=3D2><STRONG><FONT size=3D4>Dear Sirs:<BR><BR> = At present=20 our company is evaluating the = Ethereal.<BR> <BR> =20 Would you be kind enough as to tell us how to install=20 libcap?<BR></FONT></STRONG></FONT></P> <P><FONT size=3D2><STRONG><FONT size=3D4> Looking forward to = your=20 response, yours faithfully,<BR><BR> David=20 Labanda.<BR><BR><BR>-----------------------------------------------------= ---------------------------<BR><BR><FONT=20 color=3D#800000> David Labanda<BR> Network = Engineer<BR> TCP=20 SISTEMAS E INGENIERIA,=20 S.L.<BR></FONT><BR>------------------------------------------------------= --------------------------<BR><BR></FONT></STRONG> </FONT>=20 </P></BODY></HTML> ------=_NextPart_000_0004_01C16780.9F7FEB40-- --__--__-- Message: 11 From: "Peter Rennert" <prennert@xxxxxxxxxxxxxx> To: <ethereal-users@xxxxxxxxxxxx> Date: Wed, 7 Nov 2001 13:04:30 +0100 Subject: [Ethereal-users] beaconing packet hello, we search for an beaconing error occured in a token-ring network. can ethereal grep the beaconing packet?? if yes.... who did it displayed?? thanx peter Mit freundlichen Gru?en Peter Rennert Rennert GmbH Administration & Netzwerk-Support Neckaraue 19 71686 Remseck Tel. 07146 / 880399 Fax 07146 / 880398 http://www.rennertgmbh.de --__--__-- Message: 12 Date: Wed, 07 Nov 2001 07:28:35 -0500 To: ethereal-users@xxxxxxxxxxxx From: Rodney Womack <rcwomack@xxxxxxxxxxxx> Subject: [Ethereal-users] Ethereal Does not load I have installed Ethereal and started it on my Windows 2000 machine but nothing happens. It shows no activity whatsoever. Is there something else that is needed to get it started. I have read the FAQ and the Ethereal website trying to figure out what I might be doing wrong. Any assistance would be greatly appreciated. Thanks in advance, Rodney --__--__-- _______________________________________________ Ethereal-users mailing list Ethereal-users@xxxxxxxxxxxx http://www.ethereal.com/mailman/listinfo/ethereal-users End of Ethereal-users Digest
- Prev by Date: [Ethereal-users] MSN Messenger Service
- Next by Date: Re: [Ethereal-users] Ethereal question
- Previous by thread: [Ethereal-users] MSN Messenger Service
- Next by thread: RE: [Ethereal-users] Libcrypto.so.0
- Index(es):