Ethereal-users: Re: [Ethereal-users] Question on WAN links, REALLY LIKE THE PRODUCT

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxx>
Date: Fri, 31 May 2002 12:29:36 -0700
On Fri, May 31, 2002 at 03:03:48PM -0400, Ken_Okenka@xxxxxxx wrote:
> Speaking of PCMCIA cards, since I see that your
> protocol also addresses Frame-Relay information....
> what type of PCMCIA dual cable card do you recommend
> to allow for pass-thru interrupt of a Frame-Relay
> circuit so we can use the product for sniffing
> that way?

Ethereal does its packet sniffing by using the libpcap/WinPcap library;
that library doesn't support that form of passive sniffing; it only uses
the native OS packet capture mechanism on various UNIXes, and the native
NDIS mechanism plus the WinPcap drivers on Windows, to sniff traffic
from an active network interface.

I.e., the only Frame Relay sniffing it would support would be sniffing
traffic on a Frame Relay circuit the machine is using as a network
interface.

I don't know what type of PC Card to use, but even if you do get such a
card, you'd also need some software to do that sort of passive sniffing;
I don't know what sort of software of that sort exists, nor do I know
what would be involved in writing such software.