Hi,
I’m a heavy user (and big fan) of Ethereal, and I saw something
today that I hadn’t seen before. I’m curious if folks have
seen this, and have any “wisdom” to impart…
I ran Ethereal (0.10.13) on a machine (“the capture
box”), to capture traffic between it and another machine. When I
inspected the resultant trace file, I saw something that got my attention, so I
dug deeper. When I did, I saw that there were packets missing on the
sender (capture box) side. In other words, the missing packets were not
packets expected to arrive from across the network, but were packets that the
capture box was to send! That was something I had never seen before.
How could packets get lost before you even send them?
So I looked at the NIC on the capture box, and I saw that it
was a: “VMware virtual ethernet interface”.
I don’t know a lot about VMware, but I think I understand
the concept – it emulates one machine/OS while running on another.
I talked with a colleague who knows much more about it, and he informed me that
VMware uses a “virtual” NIC that sits between the virtual machine
and the “real” NIC.
Bottom line: I’m assuming at this point that the
strange behavior I’m seeing is due to this VMware virtual NIC and/or how
Ethereal interacts with it.
Can anyone confirm this, and/or provide suggestions or
pointers for working around it?
Thx much,
Michael
Michael Feeny
TDDS Application Integration Management
609-274-2761 (Office)
484-995-1745 (Mobile)
1-888-MERRIL0 (Page)
feenyman99 (AIM)
