Ethereal-users: [Ethereal-users] RE: How to verify if my NIC supports promiscuous mode
Hi Vipin,
I had found a useful website to check for your NIC.
http://www.compaq.com/support/files/server/us/revision/3028.html
http://www.compaq.com/support/files/server/us/download/9831.html
hope you might find something helpful.
Regards,
Harsh Patel.
SIEMENS ICN, Inc.
SURPASS hiQ Feature SW
Ph: (561) 923 3286
Harsh.Patel@xxxxxxxxxxxxxxx
-----Original Message-----
From: Vipin Palawat [mailto:vpalawat@xxxxxxxxx]
Sent: Wednesday, October 24, 2001 12:02 PM
To: Guy Harris; Patel, Harsh
Cc: ethereal-users@xxxxxxxxxxxx
Subject: How to verify if my NIC supports promiscuous mode
Hi Guy,
Can you please tell me some method to verify that my
NIC supports promiscuous mode ?
Thanks,
Vipin
-----Original Message-----
From: ethereal-users-admin@xxxxxxxxxxxx
[mailto:ethereal-users-admin@xxxxxxxxxxxx]On Behalf Of Guy Harris
Sent: 22 October 2001 17:34
To: Patel, Harsh
Cc: 'ethereal-users@xxxxxxxxxxxx'
Subject: Re: [Ethereal-users] Regarding the Ethereal software
> Now, my question is, I observed a rather unusual behavior of the Ethereal
> software. When I was trying to capture the SIP packets(Enabled all in the
> protocol) while trying to make a call between 2 SIP phones, it didn't gave
> any SIP messages. All I found was the STP(Spanning Tree Protocol), but I
was
> able to get SIP packets when I was using the Software Client which was
> installed on the same machine on which the Ethereal software is installed
> (SIP_UA1 and SIP_UA2), and working from a SIP phone. I tried different
> combinations and what I found was, the Ethereal Software was able to trace
> the SIP packets only when the machine on which it was installed was
involved
> in the activity.
STP packets are multicast packets, so they'll be seen by any machine
that's set up to receive that multicast address, regardless of whether
that machine is in promiscuous mode or not.
SIP messages, however, are unicast packets, so they'll only be seen by
the machine from which they're being sent or to which they're being
sent, unless the network they're on is capable of promiscuous sniffing
and the network interface doing the sniffing is in promiscuous mode.
Is the *only* traffic you're seeing STP and other broadcast/multicast
traffic?
If so, I think the most likely explanation is that either
1) your hub is a switching hub
or
2) the machine on which you're running Ethereal has a network
interface whose hardware or driver doesn't support
promiscuous mode.
I'm assuming you're capturing in promiscuous mode (otherwise, you won't
see traffic not sent from the machine running Ethereal and not sent to a
MAC address that machine doesn't recognize) and that you're running the
latest version of Ethereal (a few releases ago there was a bug that
caused promiscuous mode not to work with "Update list of captures in
real time" captures).
_______________________________________________
Ethereal-users mailing list
Ethereal-users@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-users