Ethereal-users: Re: [Ethereal-users] ethereal 0.8.17

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxx>
Date: Fri, 13 Apr 2001 11:50:24 -0700 (PDT)
> I have downloaded WinPcap 2.1 and Ethereal 0.8.17
> on my win2k machine (an IBM Thinkpad T20) 
> but when I select the \Device\Packet_NdisWanIp
> as interface nothing is captured.
> 
> Any idea?
> 
> The 0.8.15 worked correctly on my PC.

Yes, but did it work with \Device\Packet_NdisWanIp?

On the NT 4.0 partition on my machine at home, with WinPcap 2.02,
Ethereal (built from CVS) didn't show \Device\Packet_NdisWanIp as one of
the network devices on which I could capture; when I upgraded to WinPcap
2.1, that device showed up - and showed up first on the list, so it was
the default device.

It did allow me to start a capture on the device, but it didn't capture
any traffic, because there wasn't any traffic on my dial-up connection -
my Internet connection was over the Ethernet to an ADSL modem.

If I captured on the Ethernet interface, it worked.

The WinPcap FAQ, at

	http://netgroup-serv.polito.it/winpcap/misc/faq.htm

says:

	Q-3: Can I use WinPcap on a PPP connection?

	A: We have tested WinPcap on PPP connections under Windows 95
	and Windows 98 and it seems to work well.  Under Windows NT and
	Windows 2000 there are problems with the binding process, that
	prevents a protocol driver from working on the WAN adapter if it
	is not written by Microsoft.

and it said something similar when WinPcap 2.02 was the standard
version, i.e. they never supported PPP captures on Windows NT/2000.

If you're trying to capture on a PPP connection, it probably won't work
(and I have the impression it may never have worked); it should work on
an Ethernet interface, but you may have to select a different device
from the list (on Windows 2000, the name of the Ethernet device will be
something horrible and unreadable such as

	\Device\Packet_{BE4BA7D2-1F93-48CA-87CF-4F1693D8F544}

rather than something that makes it obvious that it's your Ethernet
interface).