Ethereal-users: [Ethereal-users] No Adapter Interfaces Ethereal 0.10.9 -- Updated
Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.
From: "Dick Griest" <krellguy@xxxxxxxxxxxxx>
Date: Mon, 14 Feb 2005 11:15:48 -0600
Dear Ethereal Support Team:
Please ignore my two previous emails appended below, which are superseded
by this one.
I discovered that the problems I was having with Ethereal 0.10.6 and
WinPCap 3.1 Beta4 on my Windows 2K Professional SP3 box were caused by having
previously installed TamoSoft's CommView CV5. CommView apparently locked
up my dial-up adapter so that it was no longer available to WinPcap and thus it
didn't show up in the Ethereal available adapters box. It was only after I
uninstalled CommView (which has its own RAS driver for dial-up tscomm.sys and
ts_lb.sys) that I was able to get Ethereal to capture my
dial-up conversation with my ISP. Prior to uninstalling CommView no
adapters at all showed in Ethereal.
I apologize for the stupidity on my part, however I think I would have
realized sooner what was going on if the documentation for your product had been
a little clearer. Here are some changes I might recommend:
(1) Where you list the standard download Win32 distribution http://www.ethereal.com/distribution/win32/ you
could add WinPcap 3.1 Beta4 to the WinPcap 3.0 currently shown, with a
note about PPP support from FAQ http://winpcap.polito.it/misc/faq.htm#Q-4
(2) Delete all "List" posts http://www.ethereal.com/lists/ which
state that Ethereal (WinPcap) doesn't work with PPP as these posts confuse
the issue if you run into trouble capturing with a dial-up adapter.
(3) At the top of each of the online help files which appear
when you click on the Life Preserver Icon in Ethereal, place instructions that
the help text should be copied to the Windows clipboard and pasted into a
file where it can be searched electronically using "Ctrl F", instead of having to
read the entire contents to see if what you are looking for is there. For
some reason when you have these files open in Ethereal and press "Ctrl F", the
normal Windows search feature has been disabled. This will go a long way
toward preventing nuisance emails from members of the general
public like myself.
(4) After completing step (3) I quickly located what the Help files had to
say about PPP.
There is no mention here of WinPcap 3.1 Beta. Also
when it says Windows NT/2000/XP/Server I assume it means the server
versions of Windows NT/2000/XP but it could also be interpreted as Windows
NT/2000 and the server version of Windows XP.
Again no mention of WinPcap 3.1 Beta. In the "FAQ" tab, the
questions appear first without the answers and later down below with the
answers. This works in hypertext but is somewhat confusing in the plain
text of the Help window.
Again no mention of WinPcap 3.1 Beta.
Also the error message which pops up when you try to manually
poke a non-existent adapter name into the adapter selection
window needs to be modified as it currently reads "WinPcap 3.0 and later
versions don't support capturing on PPP/WAN interfaces at all." (see attached
Ethereal vs PPP Message confusing.gif) Here again we have the confusing
wording of "doesn't support capturing on PPP/WAN interfaces in Windows
NT/2000/XP/2003 Server", which is different than that in the Help file.
(5) Because Windows PPP support is new, there is nothing
about it in the Help portion of Ethereal (Life Preserver Icon) or in the online
hypertext Help or online PDF Help file. I have attached some screen
captures which show that the PPP adapter doesn't show up as available until the
computer has established a dial-up connection with the internet. At first
all that showed up was "Generic NdisWan adapter:
\Device\NPF_GenericNdisWanAdapter". However I was able to capture my
dial-up conversations with my internet ISP using this Generic Ndis Wan
adapter. After I established the dial-up connection an additional adapter
showed up "WAN (PPP/SLIP) Interface:
\Device\NPF_{F37D0895-3FB0-4946-89D1-42FE988DBA90}". I reloaded a
fresh image of Win 2K and verified that the key
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{F37D0895-3FB0-4946-89D1-42FE988DBA90}
was present prior to loading WinPcap and Ethereal. It was. This
raises the question of why WinPcap can't find it until going online and
establishing a dial-up connection and what the differences are, if any, between
the two adapters. In the WpdPack Developers Pack documentation it
says:
Including these screen captures in the online help with a statement
like, "If you can talk to the internet over a dial-up phone line, this is what
you should see after loading WinPcap and Ethereal." would be helpful to people
like me. I would expect that other people might have the experience
I had where one downloads a commercial sniffer, tries it, gets sticker
shock, and then looks for a freeware version to download.
In closing let me say that I appreciate your product, which as a
member of the general public, I am using to evaluate the effectiveness of my
firewall, and to get a handle on the spyware on my computer. Let me say
that I was shocked. Shocked! It takes 15 IP sites just to download
one newspaper article from the Washington Post online. A
friend who is an IT professional raved about your product and so I was
anxious to learn how to use it. Most people look over their phone
bills to see that calls are not being made to inappropriate
numbers. Your product gives people a tool to do the same
thing with their internet connection. There needs to be a whole lot more
sniffing going on by the general public, and so I wouldn't be surprised to see
millions of hits on your web site in the near future.
Regards,
Dick Griest
----- Original Message -----
From: Dick Griest
Sent: Friday, February 11, 2005 8:37 PM
Subject: No Adapter Interfaces Ethereal 0.10.9 Win2K
Dear Ethereal Support Team:
Since my earlier email is being reviewed by a monitor to
make sure it's not SPAM, perhaps you can just cancel it and post this update
instead.
Subsequent to my email below I downloaded Ethereal 0.10.6 and was delighted
to find out that adapter interfaces show up in that version when you go to start
a capture. I now get to choose between two adapters: Generic Ndis Wan
adapter & Wan (PPP/SLIP) see attached photo 0.10.6.gif. This is an
improvement over Ethereal 0.10.9 where no adapters showed up. Zippo!
But after I installed 0.10.6 and then reinstalled 0.10.9, magically
everything is now working in 0.10.9 and I get the same adapters I got in
0.10.6. So perhaps this is the fix? (Note: I have been running
WinPcap_3_1_beta4.exe all along. No changes or reinstalls there.)
Once I saw the npf NetGroup Packet Filter Driver running using msinfo32 as
described http://winpcap.polito.it/misc/faq.htm#Q-4 I
figured the problem was in Ethereal.
In any case it's not a matter of administrative privileges http://www.ethereal.com/faq.html#capprobwin,
as there is only one account on my Win 2K box, and I'm it (the
administrator). This "no adapters" issue has been floating for some time
and while all my experiences are with the same version of WinPcap_3_1_beta4.exe
the boys in Italy may not be off the hook entirely http://www.effetech.com/forum/viewtopic.php?t=37
Once the latest version of Ethereal started working, the
interface adapter appeared as WAN (PPP/SLIP) Interface:
\Device\NPF_{E486F8E3-EAC9-4BC2-99FE-50D05DD77C4C}
The last part of this string appeared in the keys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetBT\Parameters\Interfaces\Tcpip_{E486F8E3-EAC9-4BC2-99FE-50D05DD77C4C}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{E486F8E3-EAC9-4BC2-99FE-50D05DD77C4C}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\NetBT\Parameters\Interfaces\Tcpip_{E486F8E3-EAC9-4BC2-99FE-50D05DD77C4C}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{E486F8E3-EAC9-4BC2-99FE-50D05DD77C4C}
So if all else fails you just concatenate the two strings and poke it in
the eye as described in this previous fix http://www.ethereal.com/lists/ethereal-users/200407/msg00109.html
Regards,
Dick Griest
----- Original Message -----
From: Dick Griest
Sent: Friday, February 11, 2005 5:03 PM
Subject: PPP adapter disappeared with Ethereal 0.10.9
Dear Ethereal Support Team,
You may be interested to know that I can capture my dial-up adapter modem
using Ethereal 0.10.3 but not with the new version Ethereal 0.10.9.
I am running WinPcap_3_1_beta4.exe on W2K SP3. Under Ethereal 0.10.3
when you click capture then click start you see the adapter interface "Generic
NdisWan adapter: \Device\NPF_GenericNdisWanAdapter" in the pull down
window right at the top. (I have no ethernet network interface card
i.e. NIC so this is the only interface available) Under Ethereal
0.10.9 when I click on capture then click interface, I have no adapters at
all to choose from.
I like the new GUI layout which took place somewhere between these two
versions. Particularly nice is the triangle indicator which shows where the
packets are coming from at any instant in time by moving the triangle on the
line that corresponds to that IP address. Also neat is how it walks you
through step by step in formulating filter strings. Too bad the new
GUI won't work for me.
I came across this post http://www.ethereal.com/lists/ethereal-users/200404/msg00310.html
which tipped me off that Ethereal could now work with PPP on W2K. I tried
it three years ago and discovered to my disappointment that it didn't work
then. I think you could post a link to Questions 6 & 25 in this
FAQ http://winpcap.polito.it/misc/faq.htm
a little more prominently which states that PPP has been added as of WinPcap_3_1
beta, but that it isn't accessible any longer in Ethereal.
Regards,
Dick Griest
Attachment: Ethereal vs PPP Message confusing.gif (GIF image)
Attachment: ethereal capture options after going online.gif (GIF image)
Attachment: ethereal capture interfaces before going online.gif (GIF image)
Attachment: ethereal capture interfaces after going online.gif (GIF image)
Attachment: ethereal capture options before going online.gif (GIF image)
- Follow-Ups:
- Re: [Ethereal-users] No Adapter Interfaces Ethereal 0.10.9 -- Updated
- From: Guy Harris
- Re: [Ethereal-users] No Adapter Interfaces Ethereal 0.10.9 -- Updated
- From: Guy Harris
- Re: [Ethereal-users] No Adapter Interfaces Ethereal 0.10.9 -- Updated