At 9:44 PM -0700 10/27/04, Hensley, Bill (Space Technology) wrote:
I've got a problem with using Ethereal. I used an earlier Ethereal
(0.7, I think) to monitor an IPSec session between a number of
machines on a hub-connected network.
I am now using Ethereal (0.10.6) on a Windows 2000 box with a NIC
that is known to operate in promiscuous mode. The machine is seeing
all of the broadcast traffic on the wire, but it's not seeing
anything else unless it's directed specifically at the machine.
I've run through the troubleshooting on the website, read the FAQs,
and extensively searched Google (web and groups). One guy here
thinks that it has something to do with IPSec encrypting the headers
of the packets, but since we can's see the clear pings either I
don't think it's an IPSec problem.
We use tethereal 0.10.0 for sniffing IPsec all the time, no problem.
(For examples, see the links off of
<http://www.vpnc.org/detail-basic-interop.html>.) I suspect, as the
other person said, you're on a switch, not a hub; you might even be
on a switch that says it's a hub but it's not.
--Paul Hoffman, Director
--VPN Consortium
