Ethereal-users: [Ethereal-users] Ethereal Not Capturing All Packets

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: "Christopher Collins" <ccollins@xxxxxx>
Date: Thu, 12 Aug 2004 12:06:39 -0300

Ethereal v0.10.4

WinPCAP v3

 

Is anyone else experiencing problems with Ethereal not capturing all traffic?

 

We attempted to capture data on a 100Mbps net and only after running TCPDump on the server in question were we able to determine that Ethereal was not capturing all the data.

 

Description of Scenario based on Ethereal trace

 

  1. Client would send a DHCP Discovery packet to the DHCP server
  2. DHCP server would respond between 30-120 times with a DHCP Offer
  3. Client would accept DHCP offer with a DHCP Request
  4. DHCP server would respond between 30-120 times with a DHCP Ack

 

This was captured using multiple versions of Ethereal on various points in the network.

 

Description of Scenario based on TCPDUMP trace

 

  1. Client would send between 30-120 DHCP Discovery packets to the DHCP server
  2. DHCP server would respond between 30-120 times with a DHCP Offer
  3. Client would accept DHCP offer with between 30-120 DHCP Requests
  4. DHCP server would respond between 30-120 times with a DHCP Ack

 

As you can see, Ethereal was not displaying the whole picture. One capture looks like a server problem, while a complete capture looks like a looping or bridging problem.