Wireshark · Ethereal-users: Re: [ethereal-users] Interfaces

Ethereal-users: Re: [ethereal-users] Interfaces

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxx>

Date: Wed, 27 Sep 2000 13:55:06 -0700 (PDT)

> I believe that you need administrator privilages and the Windows
> packet driver (libpcap port) installed. On my IBM labtop with a 
> 3com PCMCIA ethernet card the Ethereal network interface defaults to
> "\Device\Packet_el3c5891". You can get the _interface port by
> doing a "net config workstation" or "net config server". The
> "net config workstation" command on my workstation shows the
> network interface name as "NetBt_el3c5891".

"ipconfig" might also do the job here, reporting the name without the
"NetBT_" stuff in front of it (i.e., reporting the raw name, not the
name that NetBIOS-over-TCP (a/k/a NetBT) uses).

However, if it doesn't show up in the combo box, that may mean that, for
whatever reason, WinPcap can't open the interface, which means Ethereal
won't be able to capture on it.

Note that, after you've installed the WinPcap driver and library
(presumably the library, at least, has been installed, on the original
poster's machine; if it weren't instalfled, Ethereal wouldn't, I
suspect, even have *run*, as it would've complained about a "packet.dll"
library), you *MUST* reboot your machine before you try capturing.  You
will not be able to do packet captures until you reboot.

Note also that you do *NOT* necessarily need administrator privileges to
do packet captures; the WinPcap FAQ at

	http://netgroup-serv.polito.it/winpcap/misc/faq.htm

says:

	Q-5: Do I need to be Administrator in order to execute programs
	based on WinPcap?

	A: No.  Unlike the libpcap, WinPcap does not require that the
	program has been launched by an Administrator.  However,
	remember that you must be administrator to install the packet
	driver.

You'd need them to install the packet driver, but, according to the FAQ,
you don't need them to do captures once the packet driver has been
installed.

Before reporting *any* problems with packet capture on Windows, one
should check the WinPcap FAQ first.

Note also that not everybody on the Ethereal development team is
familiar with the gory internal details of WinPcap; you may find answers
more quickly by doing as the WinPcap home page at

	http://netgroup-serv.polito.it/winpcap/

suggests and sending bug reports to "winpcap@xxxxxxxxxxxxxxxxxxxxxxx". 
(WinPcap is *NOT* part of Ethereal, just as the BPF mechanism in BSD,
the DLPI mechanisms in some flavors of UNIX, the "packet socket"
mechanism in Linux, etc. aren't part of Ethereal; they're mechanisms
that are used by Ethereal as well as by other programs.)

References:
- Re: [ethereal-users] Interfaces
  - From: work

Prev by Date: Re: [ethereal-users] Interfaces
Next by Date: Re: [ethereal-users] Interfaces
Previous by thread: Re: [ethereal-users] Interfaces
Next by thread: Re: [ethereal-users] Interfaces
Index(es):
- Date
- Thread

Riverbed Cascade Pilot: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed AirPcap: Complete Visibility of Your Wireless Networks; Multi-Channel, Aggregated Analysis; Portable and Versatile; Easy to Setup and Easy to Use; Ready to Power Your Application

$Riverbed TurboCap: Full-Speed GbE Capture; Port Aggregation; Pass-thru Mode; Aggregating Tap; Full-Speed GbE Injection; Exported Interfaces; TurboCap API Developer\'s Pack$