Wireshark · Ethereal-users: Re: [ethereal-users] Packets not found

Ethereal-users: Re: [ethereal-users] Packets not found

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Philip Long <plong@xxxxxxxxx>

Date: Sun, 29 Aug 1999 15:30:25 -0400

Gilbert Ramirez wrote:

> Is this at home or at the office?

Office

>
>
> Your sniffing machine (computer A) is on the ethernet segment.
> Your other computer (computer B) is on the ethernet segment.

Yes.  Both on the same 100 base Tx;  Incidentally,  I've noticed that
computer A (lyta, always running linux) can serve up ftp to computer B (fang)
at a sustained rate of 3500 KB/sec under linux, but when fang has to be a
win32 box, the transfer rate (both with Netscape 4.61 BTW) is only 1800
KB/sec.

>
>
> Who is computer B talking to? A third computer on the ethernet segment?
> Or perhaps with a computer on the Internet, off of your LAN.

Three cases:  fang talks to lyta (http or ftp or ping etc.), the sniffer on
lyta works.
fang talks to another computer on same subnet as itself and lyta, sniffer
detects nothing
fang talks to something outside our firewall (ie http://slashdot.org),
sniffer detects nothing

This holds for ethereal, karpski, and tcpdump.  When fang was running win32,
the generic NAI lan analyzer seemed to be detecting the traffic (reporting
fang talking to other things with a certain volume), but I was not able to
inspect individual packets (because of my inexperience with the software or
it's inability to function that way).

There are about 100 people on this subnet; I don't seem to be observing what
would be normal http or smtp traffic.

>
>
> If on the Internet, how is computer B getting to the Internet?

Fang has a NIC and gets to the internet through the gateway, a CISCO box
running IOS 11.2.  Straight TCP or UDP, no PPP.

> Through
> it's own PPP or SLIP connection? Or through the ethernet hub to another
> PPP device?
>

> Can you give us the IP addresses of:
> Computer A, computer B, the computer(s) which computer B is talking to.

All computers are behind a firewall.  An example with different ip addresses:

lyta: 192.168.118.144
fang: 192.168.118.130

>
> Also, could you explain in more detail how all the computers
> are connected on the network. Are all on the same ethernet hub?

As far as I know, they are on the same hub.

> And it
> *is* a hub, not a switch, right? Are there routers, PPP connections,
> ISDN or DSL "modems"?
>
> --gilbert

Thanks,
Phil Long

Follow-Ups:
- Re: [ethereal-users] Packets not found
  - From: Guy Harris

References:
- Re: [ethereal-users] Packets not found
  - From: Gilbert Ramirez

Prev by Date: Re: [ethereal-users] Packets not found
Next by Date: Re: [ethereal-users] Packets not found
Previous by thread: Re: [ethereal-users] Packets not found
Next by thread: Re: [ethereal-users] Packets not found
Index(es):
- Date
- Thread

Riverbed Cascade Pilot: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed AirPcap: Complete Visibility of Your Wireless Networks; Multi-Channel, Aggregated Analysis; Portable and Versatile; Easy to Setup and Easy to Use; Ready to Power Your Application

$Riverbed TurboCap: Full-Speed GbE Capture; Port Aggregation; Pass-thru Mode; Aggregating Tap; Full-Speed GbE Injection; Exported Interfaces; TurboCap API Developer\'s Pack$