author: Jörg Mayer <jmayer@loplof.de> 2003-07-23 15:11:20 +0000
committer: Jörg Mayer <jmayer@loplof.de> 2003-07-23 15:11:20 +0000
commit: d6319d5c9028b1eb9a3a4cb24d2524e7ccc86634
tree: 95e8f5ed74a740a8e100f6c0f547b770bcbf20f7
parent: 4f0ecbde2ede375976480b856a3b0be243882f63
Update FAQ
svn path=/trunk/; revision=8071
-rw-r--r-- FAQ 142
-rw-r--r-- FAQ.include 160
2 files changed, 167 insertions, 135 deletions
diff --git a/FAQ b/FAQ
index a076f2d936..5a1474d9b9 100644
--- a/FAQ
+++ b/FAQ
@@ -63,7 +63,7 @@
see from or to the machine I'm trying to monitor.
5.2 I can't see any TCP packets other than packets to and from my
- machine, even though another sniffer on the network sees those
+ machine, even though another analyzer on the network sees those
packets.
5.3 I'm only seeing ARP packets when I try to capture traffic.
@@ -87,63 +87,67 @@
5.10 When I run Ethereal on Solaris 8, it dies with a Bus Error when I
start it.
- 5.11 When I try to run Ethereal, it complains about
+ 5.11 When I run Ethereal on Windows NT, it dies with a Dr. Watson
+ error, reporting an "Integer division by zero" exception, when I start
+ it.
+
+ 5.12 When I try to run Ethereal, it complains about
sprint_realloc_objid being undefined.
- 5.12 I'm running Ethereal on Linux; why do my time stamps have only
+ 5.13 I'm running Ethereal on Linux; why do my time stamps have only
100ms resolution, rather than 1us resolution?
- 5.13 I'm capturing packets on {Windows 95, Windows 98, Windows Me};
+ 5.14 I'm capturing packets on {Windows 95, Windows 98, Windows Me};
why are the time stamps on packets wrong?
- 5.14 When I try to run Ethereal on Windows, it fails to run because it
+ 5.15 When I try to run Ethereal on Windows, it fails to run because it
can't find packet.dll.
- 5.15 I'm running Ethereal on Windows; why does some network interface
+ 5.16 I'm running Ethereal on Windows; why does some network interface
on my machine not show up in the list of interfaces in the
"Interface:" field in the dialog box popped up by "Capture->Start",
and/or why does Ethereal give me an error if I try to capture on that
interface?
- 5.16 I'm running on a UNIX-flavored OS; why does some network
+ 5.17 I'm running on a UNIX-flavored OS; why does some network
interface on my machine not show up in the list of interfaces in the
"Interface:" field in the dialog box popped up by "Capture->Start",
and/or why does Ethereal give me an error if I try to capture on that
interface?
- 5.17 I'm running Ethereal on Windows NT/2000/XP/Server; my machine has
+ 5.18 I'm running Ethereal on Windows NT/2000/XP/Server; my machine has
a PPP (dial-up POTS, ISDN, etc.) interface, and it shows up in the
"Interface" item in the "Capture Options" dialog box. Why can no
packets be sent on or received from that network while I'm trying to
capture traffic on that interface?
- 5.18 I'm running Ethereal on Windows 95/98/Me, on a machine with more
+ 5.19 I'm running Ethereal on Windows 95/98/Me, on a machine with more
than one network adapter of the same type; Ethereal shows all of those
adapters with the same name, but I can't use any of those adapters
other than the first one.
- 5.19 I'm running Ethereal on Windows, and I'm not seeing any traffic
+ 5.20 I'm running Ethereal on Windows, and I'm not seeing any traffic
being sent by the machine running Ethereal.
- 5.20 I'm trying to capture traffic but I'm not seeing any.
+ 5.21 I'm trying to capture traffic but I'm not seeing any.
- 5.21 I have an XXX network card on my machine; if I try to capture on
+ 5.22 I have an XXX network card on my machine; if I try to capture on
it, my machine crashes or resets itself.
- 5.22 My machine crashes or resets itself when I select "Start" from
+ 5.23 My machine crashes or resets itself when I select "Start" from
the "Capture" menu or select "Preferences" from the "Edit" menu.
- 5.23 Does Ethereal work on Windows ME?
+ 5.24 Does Ethereal work on Windows ME?
- 5.24 Does Ethereal work on Windows XP?
+ 5.25 Does Ethereal work on Windows XP?
- 5.25 Why doesn't Ethereal correctly identify RTP packets? It shows
+ 5.26 Why doesn't Ethereal correctly identify RTP packets? It shows
them only as UDP.
- 5.26 Why doesn't Ethereal show Yahoo Messenger packets in captures
+ 5.27 Why doesn't Ethereal show Yahoo Messenger packets in captures
that contain Yahoo Messenger traffic?
- 5.27 Why do I get the error
+ 5.28 Why do I get the error
Gdk-ERROR **: Palettized display (256-colour) mode not supported on
Windows.
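Review bot: Inserting the new Windows NT question as 5.11 renumbers every later entry in this index (5.11 through 5.27 here, and on through 5.33 in the next hunk), so any existing reference to a question by its number, for example in mail or other documentation, now points at a different question. Consider appending the new entry at the end of section 5 instead, or state in the commit message that the renumbering is intentional because the entry belongs next to the Solaris start-up crash in 5.10.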
@@ -151,22 +155,22 @@
when I try to run Ethereal on Windows?
- 5.28 When I capture on Windows in promiscuous mode, I can see packets
+ 5.29 When I capture on Windows in promiscuous mode, I can see packets
other than those sent to or from my machine; however, those packets
show up with a "Short Frame" indication, unlike packets to or from my
machine. What should I do to arrange that I see those packets in their
entirety?
- 5.29 How can I capture raw 802.11 packets, including non-data
+ 5.30 How can I capture raw 802.11 packets, including non-data
(management, beacon) packets?
- 5.30 How can I capture packets with CRC errors?
+ 5.31 How can I capture packets with CRC errors?
- 5.31 How can I capture entire frames, including the FCS?
+ 5.32 How can I capture entire frames, including the FCS?
- 5.32 Ethereal hangs after I stop a capture.
+ 5.33 Ethereal hangs after I stop a capture.
- 5.33 How can I search for, or filter, packets that have a particular
+ 5.34 How can I search for, or filter, packets that have a particular
string anywhere in them?
GENERAL QUESTIONS
@@ -178,7 +182,7 @@
Q 1.2: What protocols are currently supported?
- A: There are currently 381 supported protocols and media, listed
+ A: There are currently 385 supported protocols and media, listed
below. Descriptions can be found in the ethereal(1) man page.
802.1q Virtual LAN
@@ -270,11 +274,13 @@
Datagram Delivery Protocol
Diameter Protocol
Distance Vector Multicast Routing Protocol
+ Distcc Distributed Compiler
Distributed Checksum Clearinghouse Prototocl
Domain Name Service
Dynamic DNS Tools Protocol
Encapsulating Security Payload
Enhanced Interior Gateway Routing Protocol
+ EtherNet/IP (Industrial Protocol)
Ethernet
Ethernet over IP
Extensible Authentication Protocol
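Review bot: The context line directly below the added "Distcc Distributed Compiler" entry still reads "Distributed Checksum Clearinghouse Prototocl"; since this commit already touches the list, correct the spelling to "Protocol". If the list is produced from the names the dissectors register rather than edited by hand, the fix belongs in that dissector's name string, and the FAQ should be regenerated afterwards.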
@@ -383,6 +389,7 @@
Microsoft Server Service
Microsoft Service Control
Microsoft Spool Subsystem
+ Microsoft Task Scheduler Service
Microsoft Telephony API Service
Microsoft Windows Browser Protocol
Microsoft Windows Lanman Remote API Protocol
@@ -423,6 +430,7 @@
Open Shortest Path First
OpenBSD Encapsulating device
OpenBSD Packet Filter log file
+ OpenBSD Packet Filter log file, pre 3.4
PC NFS
PPP Bandwidth Allocation Control Protocol
PPP Bandwidth Allocation Protocol
@@ -645,7 +653,7 @@
Ethernet was named after the "luminiferous ether" which was once
thought to carry electromagnetic radiation. Taking that into
consideration, Ethereal seemed like an appropriate name for an
- Ethernet sniffer.
+ Ethernet analyzer.
DOWNLOADING ETHEREAL
Q 2.1: I downloaded the Win32 installer, but when I try to run it, I
@@ -776,7 +784,7 @@
may exist for other "auto-sensing" or "dual-speed" hubs.
Some switches have the ability to replicate all traffic on all ports
- to a single port so that you can plug your sniffer into that single
+ to a single port so that you can plug your analyzer into that single
port to sniff all traffic. You would have to check the documentation
for the switch to see if this is possible and, if so, to see how to do
this. See, for example:
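Review bot: The sniffer-to-analyzer rename is incomplete in this paragraph: the changed line now reads "plug your analyzer into that single" while the following context line still says "port to sniff all traffic", so the sentence mixes both vocabularies. Reword the verb as well (for example "to capture all traffic") or leave it deliberately and say so; the commit message "Update FAQ" does not mention the terminology change at all, which makes it hard to find later.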
@@ -851,7 +859,7 @@
promiscuous mode.
Q 5.2: I can't see any TCP packets other than packets to and from my
- machine, even though another sniffer on the network sees those
+ machine, even though another analyzer on the network sees those
packets.
A: You're probably not seeing any packets other than unicast packets
@@ -1024,7 +1032,15 @@
Similar problems may exist with older versions of GTK+ for earlier
versions of Solaris.
- Q 5.11: When I try to run Ethereal, it complains about
+ Q 5.11: When I run Ethereal on Windows NT, it dies with a Dr. Watson
+ error, reporting an "Integer division by zero" exception, when I start
+ it.
+
+ A: In at least some case, this appears to be due to using the default
+ VGA driver; if that's not the correct driver for your video card, try
+ running the correct driver for your video card.
+
+ Q 5.12: When I try to run Ethereal, it complains about
sprint_realloc_objid being undefined.
A: Ethereal can only be linked with version 4.2.2 or later of UCD
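Review bot: In the added answer to Q 5.11, "In at least some case" should read "In at least some cases", and "try running the correct driver for your video card" leaves the reader without a concrete step. Suggest wording along the lines of "install the driver supplied for your video card in place of the default VGA driver", and, if it is known, say whether the crash is in Ethereal itself or in a library it uses, so users know where to report cases that the driver change does not fix.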
@@ -1034,7 +1050,7 @@
the older version, and fails. You will have to replace that version of
UCD SNMP with version 4.2.2 or a later version.
- Q 5.12: I'm running Ethereal on Linux; why do my time stamps have only
+ Q 5.13: I'm running Ethereal on Linux; why do my time stamps have only
100ms resolution, rather than 1us resolution?
A: Ethereal gets time stamps from libpcap/WinPcap, and libpcap/WinPcap
@@ -1060,13 +1076,13 @@
have to run a standard kernel from kernel.org in order to get
high-resolution time stamps.
- Q 5.13: I'm capturing packets on {Windows 95, Windows 98, Windows Me};
+ Q 5.14: I'm capturing packets on {Windows 95, Windows 98, Windows Me};
why are the time stamps on packets wrong?
A: This is due to a bug in WinPcap. The bug should be fixed in WinPcap
3.0.
- Q 5.14: When I try to run Ethereal on Windows, it fails to run because
+ Q 5.15: When I try to run Ethereal on Windows, it fails to run because
it can't find packet.dll.
A: In older versions of Ethereal, there were two binary distributions
@@ -1083,7 +1099,7 @@
Web site, the local mirror of the WinPcap Web site, or the
Wiretapped.net mirror of the WinPcap site.
- Q 5.15: I'm running Ethereal on Windows; why does some network
+ Q 5.16: I'm running Ethereal on Windows; why does some network
interface on my machine not show up in the list of interfaces in the
"Interface:" field in the dialog box popped up by "Capture->Start",
and/or why does Ethereal give me an error if I try to capture on that
@@ -1099,10 +1115,10 @@
If you are running on Windows 95/98/Me, or if you are running on
Windows NT 4.0/2000/XP/Server and have administrator privileges or a
- WinPcap program has been run with those privileges since the machine
- rebooted, then note that Ethereal relies on the WinPcap library, on
- the WinPcap device driver, and on the facilities that come with the OS
- on which it's running in order to do captures.
+ WinPcap-based program has been run with those privileges since the
+ machine rebooted, then note that Ethereal relies on the WinPcap
+ library, on the WinPcap device driver, and on the facilities that come
+ with the OS on which it's running in order to do captures.
Therefore, if the OS, the WinPcap library, or the WinPcap driver don't
support capturing on a particular network interface device, Ethereal
@@ -1122,13 +1138,13 @@
* On Windows 95, 98, or Me, sometimes more than one interface will
be given the same name; if that is the case, you will only be able
to capture on one of those interfaces - it's not clear to which
- one the name, when used in a WinPcap application, will refer. For
- example, if you have a PPP serial interface and a VPN interface,
- they might show up with the same name, for example "ppp-mac", and
- if you try to capture on "ppp-mac", it might not capture on the
- interface you're currently using. In that case, you might, for
- example, have to remove the VPN interface from the system in order
- to capture on the PPP serial interface.
+ one the name, when used in a WinPcap-based application, will
+ refer. For example, if you have a PPP serial interface and a VPN
+ interface, they might show up with the same name, for example
+ "ppp-mac", and if you try to capture on "ppp-mac", it might not
+ capture on the interface you're currently using. In that case, you
+ might, for example, have to remove the VPN interface from the
+ system in order to capture on the PPP serial interface.
* WinPcap doesn't support PPP WAN interfaces on Windows
NT/2000/XP/Server, so Ethereal cannot capture packets on those
devices when running on Windows NT/2000/XP/Server. Regular dial-up
@@ -1193,7 +1209,7 @@
above, and also indicate that the problem occurs with WinDump, not
just with Ethereal.
- Q 5.16: I'm running on a UNIX-flavored OS; why does some network
+ Q 5.17: I'm running on a UNIX-flavored OS; why does some network
interface on my machine not show up in the list of interfaces in the
"Interface:" field in the dialog box popped up by "Capture->Start",
and/or why does Ethereal give me an error if I try to capture on that
@@ -1277,7 +1293,7 @@
above, and also indicate that the problem occurs with tcpdump not just
with Ethereal.
- Q 5.17: I'm running Ethereal on Windows NT/2000/XP/Server; my machine
+ Q 5.18: I'm running Ethereal on Windows NT/2000/XP/Server; my machine
has a PPP (dial-up POTS, ISDN, etc.) interface, and it shows up in the
"Interface" item in the "Capture Options" dialog box. Why can no
packets be sent on or received from that network while I'm trying to
@@ -1291,7 +1307,7 @@
Preferences" dialog box, but this may mean that outgoing packets, or
incoming packets, won't be seen in the capture.
- Q 5.18: I'm running Ethereal on Windows 95/98/Me, on a machine with
+ Q 5.19: I'm running Ethereal on Windows 95/98/Me, on a machine with
more than one network adapter of the same type; Ethereal shows all of
those adapters with the same name, but I can't use any of those
adapters other than the first one.
@@ -1302,7 +1318,7 @@
capture only on the first such interface; Ethereal is a
libpcap/WinPcap-based application.
- Q 5.19: I'm running Ethereal on Windows, and I'm not seeing any
+ Q 5.20: I'm running Ethereal on Windows, and I'm not seeing any
traffic being sent by the machine running Ethereal.
A: If you are running some form of VPN client software, it might be
@@ -1313,7 +1329,7 @@
outgoing packets; unfortunately, neither we nor the WinPcap developers
know any way to make WinPcap and the VPN software work well together.
- Q 5.20: I'm trying to capture traffic but I'm not seeing any.
+ Q 5.21: I'm trying to capture traffic but I'm not seeing any.
A: Is the machine running Ethereal sending out any traffic on the
network interface on which you're capturing, or receiving any traffic
@@ -1329,7 +1345,7 @@
Otherwise, on Windows, see the response to this question and, on a
UNIX-flavored OS, see the response to this question.
- Q 5.21: I have an XXX network card on my machine; if I try to capture
+ Q 5.22: I have an XXX network card on my machine; if I try to capture
on it, my machine crashes or resets itself.
A: This is almost certainly a problem with one or more of:
@@ -1347,7 +1363,7 @@
Linux distribution, report the problem to whoever produces the
distribution).
- Q 5.22: My machine crashes or resets itself when I select "Start" from
+ Q 5.23: My machine crashes or resets itself when I select "Start" from
the "Capture" menu or select "Preferences" from the "Edit" menu.
A: Both of those operations cause Ethereal to try to build a list of
@@ -1356,20 +1372,20 @@
or, for Windows, WinPcap bug that causes the system to crash when this
happens; see the previous question.
- Q 5.23: Does Ethereal work on Windows ME?
+ Q 5.24: Does Ethereal work on Windows ME?
A: Yes, but if you want to capture packets, you will need to install
the latest version of WinPcap, as 2.02 and earlier versions of WinPcap
didn't support Windows ME. You should also install the latest version
of Ethereal as well.
- Q 5.24: Does Ethereal work on Windows XP?
+ Q 5.25: Does Ethereal work on Windows XP?
A: Yes, but if you want to capture packets, you will need to install
the latest version of WinPcap, as 2.2 and earlier versions of WinPcap
didn't support Windows XP.
- Q 5.25: Why doesn't Ethereal correctly identify RTP packets? It shows
+ Q 5.26: Why doesn't Ethereal correctly identify RTP packets? It shows
them only as UDP.
A: Ethereal can identify a UDP datagram as containing a packet of a
@@ -1402,7 +1418,7 @@
both the source and destination ports of the packet should be
dissected as some particular protocol.
- Q 5.26: Why doesn't Ethereal show Yahoo Messenger packets in captures
+ Q 5.27: Why doesn't Ethereal show Yahoo Messenger packets in captures
that contain Yahoo Messenger traffic?
A: Ethereal only recognizes as Yahoo Messenger traffic packets to or
@@ -1412,7 +1428,7 @@
Messenger packets (even if the TCP segment also contains the beginning
of another Yahoo Messenger packet).
- Q 5.27: Why do I get the error
+ Q 5.28: Why do I get the error
Gdk-ERROR **: Palettized display (256-colour) mode not supported on
Windows.
@@ -1427,7 +1443,7 @@
to a display mode with more colors; if it doesn't support more than
256 colors, you will be unable to run Ethereal.
- Q 5.28: When I capture on Windows in promiscuous mode, I can see
+ Q 5.29: When I capture on Windows in promiscuous mode, I can see
packets other than those sent to or from my machine; however, those
packets show up with a "Short Frame" indication, unlike packets to or
from my machine. What should I do to arrange that I see those packets
@@ -1437,7 +1453,7 @@
running on the network interface on which you're capturing; turn it
off on that interface.
- Q 5.29: How can I capture raw 802.11 packets, including non-data
+ Q 5.30: How can I capture raw 802.11 packets, including non-data
(management, beacon) packets?
A: That would require that your 802.11 interface run in the mode
@@ -1568,7 +1584,7 @@ echo "Mode: ess" >/proc/driver/aironet/ethN/Config
On platforms that don't allow Ethereal to capture raw 802.11 packets,
the 802.11 network will appear like an Ethernet to Ethereal.
- Q 5.30: How can I capture packets with CRC errors?
+ Q 5.31: How can I capture packets with CRC errors?
A: Ethereal can capture only the packets that the packet capture
library - libpcap on UNIX-flavored OSes, and the WinPcap port to
@@ -1585,7 +1601,7 @@ echo "Mode: ess" >/proc/driver/aironet/ethN/Config
libpcap and the packet capture program you're using are necessary to
support capturing those packets.
- Q 5.31: How can I capture entire frames, including the FCS?
+ Q 5.32: How can I capture entire frames, including the FCS?
A: Ethereal can't capture any data that the packet capture library -
libpcap on UNIX-flavored OSes, and the WinPcap port to Windows of
@@ -1605,7 +1621,7 @@ echo "Mode: ess" >/proc/driver/aironet/ethN/Config
not support capturing the FCS of a frame on Ethernet, and probably do
not support it on most other link-layer types.
- Q 5.32: Ethereal hangs after I stop a capture.
+ Q 5.33: Ethereal hangs after I stop a capture.
A: The most likely reason for this is that Ethereal is trying to look
up an IP address in the capture to convert it to a name (so that, for
@@ -1675,7 +1691,7 @@ echo "Mode: ess" >/proc/driver/aironet/ethN/Config
contains sensitive information (e.g., passwords), then please do not
send it.
- Q 5.33: How can I search for, or filter, packets that have a
+ Q 5.34: How can I search for, or filter, packets that have a
particular string anywhere in them?
A: Currently, you can't.
@@ -1697,4 +1713,4 @@ echo "Mode: ess" >/proc/driver/aironet/ethN/Config
list.
For corrections/additions/suggestions for this page, please send email
to: ethereal-web[AT]ethereal.com
- Last modified: Sun, May 25 2003.
+ Last modified: Sat, July 19 2003.
diff --git a/FAQ.include b/FAQ.include
index 2f1f1158e1..2411e74fa8 100644
--- a/FAQ.include
+++ b/FAQ.include
@@ -64,7 +64,7 @@ const char *faq_part[] = {
" see from or to the machine I'm trying to monitor.\n"
"\n"
" 5.2 I can't see any TCP packets other than packets to and from my\n"
-" machine, even though another sniffer on the network sees those\n"
+" machine, even though another analyzer on the network sees those\n"
" packets.\n"
"\n"
" 5.3 I'm only seeing ARP packets when I try to capture traffic.\n"
@@ -88,63 +88,67 @@ const char *faq_part[] = {
" 5.10 When I run Ethereal on Solaris 8, it dies with a Bus Error when I\n"
" start it.\n"
"\n"
-" 5.11 When I try to run Ethereal, it complains about\n"
+" 5.11 When I run Ethereal on Windows NT, it dies with a Dr. Watson\n"
+" error, reporting an \"Integer division by zero\" exception, when I start\n"
+" it.\n"
+"\n"
+" 5.12 When I try to run Ethereal, it complains about\n"
" sprint_realloc_objid being undefined.\n"
"\n"
-" 5.12 I'm running Ethereal on Linux; why do my time stamps have only\n"
+" 5.13 I'm running Ethereal on Linux; why do my time stamps have only\n"
" 100ms resolution, rather than 1us resolution?\n"
"\n"
-" 5.13 I'm capturing packets on {Windows 95, Windows 98, Windows Me};\n"
+" 5.14 I'm capturing packets on {Windows 95, Windows 98, Windows Me};\n"
" why are the time stamps on packets wrong? \n"
"\n"
-" 5.14 When I try to run Ethereal on Windows, it fails to run because it\n"
+" 5.15 When I try to run Ethereal on Windows, it fails to run because it\n"
" can't find packet.dll.\n"
"\n"
-" 5.15 I'm running Ethereal on Windows; why does some network interface\n"
+" 5.16 I'm running Ethereal on Windows; why does some network interface\n"
" on my machine not show up in the list of interfaces in the\n"
" \"Interface:\" field in the dialog box popped up by \"Capture->Start\",\n"
" and/or why does Ethereal give me an error if I try to capture on that\n"
" interface? \n"
"\n"
-" 5.16 I'm running on a UNIX-flavored OS; why does some network\n"
+" 5.17 I'm running on a UNIX-flavored OS; why does some network\n"
" interface on my machine not show up in the list of interfaces in the\n"
" \"Interface:\" field in the dialog box popped up by \"Capture->Start\",\n"
" and/or why does Ethereal give me an error if I try to capture on that\n"
" interface? \n"
"\n"
-" 5.17 I'm running Ethereal on Windows NT/2000/XP/Server; my machine has\n"
+" 5.18 I'm running Ethereal on Windows NT/2000/XP/Server; my machine has\n"
" a PPP (dial-up POTS, ISDN, etc.) interface, and it shows up in the\n"
" \"Interface\" item in the \"Capture Options\" dialog box. Why can no\n"
" packets be sent on or received from that network while I'm trying to\n"
" capture traffic on that interface?\n"
"\n"
-" 5.18 I'm running Ethereal on Windows 95/98/Me, on a machine with more\n"
+" 5.19 I'm running Ethereal on Windows 95/98/Me, on a machine with more\n"
" than one network adapter of the same type; Ethereal shows all of those\n"
" adapters with the same name, but I can't use any of those adapters\n"
" other than the first one.\n"
"\n"
-" 5.19 I'm running Ethereal on Windows, and I'm not seeing any traffic\n"
+" 5.20 I'm running Ethereal on Windows, and I'm not seeing any traffic\n"
" being sent by the machine running Ethereal.\n"
"\n"
-" 5.20 I'm trying to capture traffic but I'm not seeing any.\n"
+" 5.21 I'm trying to capture traffic but I'm not seeing any.\n"
"\n"
-" 5.21 I have an XXX network card on my machine; if I try to capture on\n"
+" 5.22 I have an XXX network card on my machine; if I try to capture on\n"
" it, my machine crashes or resets itself. \n"
"\n"
-" 5.22 My machine crashes or resets itself when I select \"Start\" from\n"
+" 5.23 My machine crashes or resets itself when I select \"Start\" from\n"
" the \"Capture\" menu or select \"Preferences\" from the \"Edit\" menu. \n"
"\n"
-" 5.23 Does Ethereal work on Windows ME? \n"
+" 5.24 Does Ethereal work on Windows ME? \n"
"\n"
-" 5.24 Does Ethereal work on Windows XP? \n"
+" 5.25 Does Ethereal work on Windows XP? \n"
"\n"
-" 5.25 Why doesn't Ethereal correctly identify RTP packets? It shows\n"
+" 5.26 Why doesn't Ethereal correctly identify RTP packets? It shows\n"
" them only as UDP.\n"
"\n"
-" 5.26 Why doesn't Ethereal show Yahoo Messenger packets in captures\n"
+" 5.27 Why doesn't Ethereal show Yahoo Messenger packets in captures\n"
" that contain Yahoo Messenger traffic?\n"
"\n"
-" 5.27 Why do I get the error \n"
+" 5.28 Why do I get the error \n"
"\n"
" Gdk-ERROR **: Palettized display (256-colour) mode not supported on\n"
" Windows.\n"
@@ -152,22 +156,22 @@ const char *faq_part[] = {
"\n"
" when I try to run Ethereal on Windows?\n"
"\n"
-" 5.28 When I capture on Windows in promiscuous mode, I can see packets\n"
+" 5.29 When I capture on Windows in promiscuous mode, I can see packets\n"
" other than those sent to or from my machine; however, those packets\n"
" show up with a \"Short Frame\" indication, unlike packets to or from my\n"
" machine. What should I do to arrange that I see those packets in their\n"
" entirety? \n"
"\n"
-" 5.29 How can I capture raw 802.11 packets, including non-data\n"
+" 5.30 How can I capture raw 802.11 packets, including non-data\n"
" (management, beacon) packets? \n"
"\n"
-" 5.30 How can I capture packets with CRC errors? \n"
+" 5.31 How can I capture packets with CRC errors? \n"
"\n"
-" 5.31 How can I capture entire frames, including the FCS? \n"
+" 5.32 How can I capture entire frames, including the FCS? \n"
"\n"
-" 5.32 Ethereal hangs after I stop a capture. \n"
+" 5.33 Ethereal hangs after I stop a capture. \n"
"\n"
-" 5.33 How can I search for, or filter, packets that have a particular\n"
+" 5.34 How can I search for, or filter, packets that have a particular\n"
" string anywhere in them? \n"
"\n"
" GENERAL QUESTIONS \n"
@@ -179,7 +183,7 @@ const char *faq_part[] = {
"\n"
" Q 1.2: What protocols are currently supported?\n"
"\n"
-" A: There are currently 381 supported protocols and media, listed\n"
+" A: There are currently 385 supported protocols and media, listed\n"
" below. Descriptions can be found in the ethereal(1) man page.\n"
"\n"
" 802.1q Virtual LAN\n"
@@ -271,11 +275,13 @@ const char *faq_part[] = {
" Datagram Delivery Protocol\n"
" Diameter Protocol\n"
" Distance Vector Multicast Routing Protocol\n"
+" Distcc Distributed Compiler\n"
" Distributed Checksum Clearinghouse Prototocl\n"
" Domain Name Service\n"
" Dynamic DNS Tools Protocol\n"
" Encapsulating Security Payload\n"
" Enhanced Interior Gateway Routing Protocol\n"
+" EtherNet/IP (Industrial Protocol)\n"
" Ethernet\n"
" Ethernet over IP\n"
" Extensible Authentication Protocol\n"
@@ -384,6 +390,7 @@ const char *faq_part[] = {
" Microsoft Server Service\n"
" Microsoft Service Control\n"
" Microsoft Spool Subsystem\n"
+" Microsoft Task Scheduler Service\n"
" Microsoft Telephony API Service\n"
" Microsoft Windows Browser Protocol\n"
" Microsoft Windows Lanman Remote API Protocol\n"
@@ -392,6 +399,8 @@ const char *faq_part[] = {
" Mobile IP\n"
" Mobile IPv6\n"
" Modbus/TCP\n"
+,
+
" Mount Service\n"
" MultiProtocol Label Switching Header\n"
" Multicast Router DISCovery protocol\n"
@@ -399,8 +408,6 @@ const char *faq_part[] = {
" MySQL Protocol\n"
" NFSACL\n"
" NFSAUTH\n"
-,
-
" NIS+\n"
" NIS+ Callback\n"
" NSPI\n"
@@ -426,6 +433,7 @@ const char *faq_part[] = {
" Open Shortest Path First\n"
" OpenBSD Encapsulating device\n"
" OpenBSD Packet Filter log file\n"
+" OpenBSD Packet Filter log file, pre 3.4\n"
" PC NFS\n"
" PPP Bandwidth Allocation Control Protocol\n"
" PPP Bandwidth Allocation Protocol\n"
@@ -648,7 +656,7 @@ const char *faq_part[] = {
" Ethernet was named after the \"luminiferous ether\" which was once\n"
" thought to carry electromagnetic radiation. Taking that into\n"
" consideration, Ethereal seemed like an appropriate name for an\n"
-" Ethernet sniffer.\n"
+" Ethernet analyzer.\n"
"\n"
" DOWNLOADING ETHEREAL \n"
" Q 2.1: I downloaded the Win32 installer, but when I try to run it, I\n"
@@ -779,7 +787,7 @@ const char *faq_part[] = {
" may exist for other \"auto-sensing\" or \"dual-speed\" hubs.\n"
"\n"
" Some switches have the ability to replicate all traffic on all ports\n"
-" to a single port so that you can plug your sniffer into that single\n"
+" to a single port so that you can plug your analyzer into that single\n"
" port to sniff all traffic. You would have to check the documentation\n"
" for the switch to see if this is possible and, if so, to see how to do\n"
" this. See, for example:\n"
@@ -793,6 +801,8 @@ const char *faq_part[] = {
"\n"
" Note also that many firewall/NAT boxes have a switch built into them;\n"
" this includes many of the \"cable/DSL router\" boxes. If you have a box\n"
+,
+
" of that sort, that has a switch with some number of Ethernet ports\n"
" into which you plug machines on your network, and another Ethernet\n"
" port used to connect to a cable or DSL modem, you can, at least, sniff\n"
@@ -801,8 +811,6 @@ const char *faq_part[] = {
" Ethernet port on the modem, and the machine on which you're running\n"
" Ethereal into a hub (make sure it's not a switching hub, and that, if\n"
" it's a dual-speed hub, all three of those ports are running at the\n"
-,
-
" same speed.\n"
"\n"
" If your machine is not plugged into a switched network or a dual-speed\n"
@@ -856,7 +864,7 @@ const char *faq_part[] = {
" promiscuous mode.\n"
"\n"
" Q 5.2: I can't see any TCP packets other than packets to and from my\n"
-" machine, even though another sniffer on the network sees those\n"
+" machine, even though another analyzer on the network sees those\n"
" packets.\n"
"\n"
" A: You're probably not seeing any packets other than unicast packets\n"
@@ -1029,7 +1037,15 @@ const char *faq_part[] = {
" Similar problems may exist with older versions of GTK+ for earlier\n"
" versions of Solaris.\n"
"\n"
-" Q 5.11: When I try to run Ethereal, it complains about\n"
+" Q 5.11: When I run Ethereal on Windows NT, it dies with a Dr. Watson\n"
+" error, reporting an \"Integer division by zero\" exception, when I start\n"
+" it.\n"
+"\n"
+" A: In at least some case, this appears to be due to using the default\n"
+" VGA driver; if that's not the correct driver for your video card, try\n"
+" running the correct driver for your video card.\n"
+"\n"
+" Q 5.12: When I try to run Ethereal, it complains about\n"
" sprint_realloc_objid being undefined.\n"
"\n"
" A: Ethereal can only be linked with version 4.2.2 or later of UCD\n"
@@ -1039,7 +1055,7 @@ const char *faq_part[] = {
" the older version, and fails. You will have to replace that version of\n"
" UCD SNMP with version 4.2.2 or a later version.\n"
"\n"
-" Q 5.12: I'm running Ethereal on Linux; why do my time stamps have only\n"
+" Q 5.13: I'm running Ethereal on Linux; why do my time stamps have only\n"
" 100ms resolution, rather than 1us resolution?\n"
"\n"
" A: Ethereal gets time stamps from libpcap/WinPcap, and libpcap/WinPcap\n"
@@ -1065,13 +1081,13 @@ const char *faq_part[] = {
" have to run a standard kernel from kernel.org in order to get\n"
" high-resolution time stamps.\n"
"\n"
-" Q 5.13: I'm capturing packets on {Windows 95, Windows 98, Windows Me};\n"
+" Q 5.14: I'm capturing packets on {Windows 95, Windows 98, Windows Me};\n"
" why are the time stamps on packets wrong? \n"
"\n"
" A: This is due to a bug in WinPcap. The bug should be fixed in WinPcap\n"
" 3.0.\n"
"\n"
-" Q 5.14: When I try to run Ethereal on Windows, it fails to run because\n"
+" Q 5.15: When I try to run Ethereal on Windows, it fails to run because\n"
" it can't find packet.dll.\n"
"\n"
" A: In older versions of Ethereal, there were two binary distributions\n"
@@ -1088,7 +1104,7 @@ const char *faq_part[] = {
" Web site, the local mirror of the WinPcap Web site, or the\n"
" Wiretapped.net mirror of the WinPcap site.\n"
"\n"
-" Q 5.15: I'm running Ethereal on Windows; why does some network\n"
+" Q 5.16: I'm running Ethereal on Windows; why does some network\n"
" interface on my machine not show up in the list of interfaces in the\n"
" \"Interface:\" field in the dialog box popped up by \"Capture->Start\",\n"
" and/or why does Ethereal give me an error if I try to capture on that\n"
@@ -1104,10 +1120,10 @@ const char *faq_part[] = {
"\n"
" If you are running on Windows 95/98/Me, or if you are running on\n"
" Windows NT 4.0/2000/XP/Server and have administrator privileges or a\n"
-" WinPcap program has been run with those privileges since the machine\n"
-" rebooted, then note that Ethereal relies on the WinPcap library, on\n"
-" the WinPcap device driver, and on the facilities that come with the OS\n"
-" on which it's running in order to do captures.\n"
+" WinPcap-based program has been run with those privileges since the\n"
+" machine rebooted, then note that Ethereal relies on the WinPcap\n"
+" library, on the WinPcap device driver, and on the facilities that come\n"
+" with the OS on which it's running in order to do captures.\n"
"\n"
" Therefore, if the OS, the WinPcap library, or the WinPcap driver don't\n"
" support capturing on a particular network interface device, Ethereal\n"
@@ -1127,13 +1143,13 @@ const char *faq_part[] = {
" * On Windows 95, 98, or Me, sometimes more than one interface will\n"
" be given the same name; if that is the case, you will only be able\n"
" to capture on one of those interfaces - it's not clear to which\n"
-" one the name, when used in a WinPcap application, will refer. For\n"
-" example, if you have a PPP serial interface and a VPN interface,\n"
-" they might show up with the same name, for example \"ppp-mac\", and\n"
-" if you try to capture on \"ppp-mac\", it might not capture on the\n"
-" interface you're currently using. In that case, you might, for\n"
-" example, have to remove the VPN interface from the system in order\n"
-" to capture on the PPP serial interface.\n"
+" one the name, when used in a WinPcap-based application, will\n"
+" refer. For example, if you have a PPP serial interface and a VPN\n"
+" interface, they might show up with the same name, for example\n"
+" \"ppp-mac\", and if you try to capture on \"ppp-mac\", it might not\n"
+" capture on the interface you're currently using. In that case, you\n"
+" might, for example, have to remove the VPN interface from the\n"
+" system in order to capture on the PPP serial interface.\n"
" * WinPcap doesn't support PPP WAN interfaces on Windows\n"
" NT/2000/XP/Server, so Ethereal cannot capture packets on those\n"
" devices when running on Windows NT/2000/XP/Server. Regular dial-up\n"
@@ -1187,6 +1203,8 @@ const char *faq_part[] = {
" Wiretapped.net mirror of that FAQ, to see if your problem is mentioned\n"
" there. If not, then see the WinPcap support page (or the local mirror\n"
" of that page) - check the \"Submitting bugs\" section.\n"
+,
+
"\n"
" You may also want to ask the ethereal-users@ethereal.com and the\n"
" winpcap-users@winpcap.polito.it mailing lists to see if anybody\n"
@@ -1198,13 +1216,11 @@ const char *faq_part[] = {
" above, and also indicate that the problem occurs with WinDump, not\n"
" just with Ethereal.\n"
"\n"
-" Q 5.16: I'm running on a UNIX-flavored OS; why does some network\n"
+" Q 5.17: I'm running on a UNIX-flavored OS; why does some network\n"
" interface on my machine not show up in the list of interfaces in the\n"
" \"Interface:\" field in the dialog box popped up by \"Capture->Start\",\n"
" and/or why does Ethereal give me an error if I try to capture on that\n"
" interface? \n"
-,
-
"\n"
" A: You may need to run Ethereal from an account with sufficient\n"
" privileges to capture packets, such as the super-user account. Only\n"
@@ -1284,7 +1300,7 @@ const char *faq_part[] = {
" above, and also indicate that the problem occurs with tcpdump not just\n"
" with Ethereal.\n"
"\n"
-" Q 5.17: I'm running Ethereal on Windows NT/2000/XP/Server; my machine\n"
+" Q 5.18: I'm running Ethereal on Windows NT/2000/XP/Server; my machine\n"
" has a PPP (dial-up POTS, ISDN, etc.) interface, and it shows up in the\n"
" \"Interface\" item in the \"Capture Options\" dialog box. Why can no\n"
" packets be sent on or received from that network while I'm trying to\n"
@@ -1298,7 +1314,7 @@ const char *faq_part[] = {
" Preferences\" dialog box, but this may mean that outgoing packets, or\n"
" incoming packets, won't be seen in the capture.\n"
"\n"
-" Q 5.18: I'm running Ethereal on Windows 95/98/Me, on a machine with\n"
+" Q 5.19: I'm running Ethereal on Windows 95/98/Me, on a machine with\n"
" more than one network adapter of the same type; Ethereal shows all of\n"
" those adapters with the same name, but I can't use any of those\n"
" adapters other than the first one.\n"
@@ -1309,7 +1325,7 @@ const char *faq_part[] = {
" capture only on the first such interface; Ethereal is a\n"
" libpcap/WinPcap-based application.\n"
"\n"
-" Q 5.19: I'm running Ethereal on Windows, and I'm not seeing any\n"
+" Q 5.20: I'm running Ethereal on Windows, and I'm not seeing any\n"
" traffic being sent by the machine running Ethereal.\n"
"\n"
" A: If you are running some form of VPN client software, it might be\n"
@@ -1320,7 +1336,7 @@ const char *faq_part[] = {
" outgoing packets; unfortunately, neither we nor the WinPcap developers\n"
" know any way to make WinPcap and the VPN software work well together.\n"
"\n"
-" Q 5.20: I'm trying to capture traffic but I'm not seeing any.\n"
+" Q 5.21: I'm trying to capture traffic but I'm not seeing any.\n"
"\n"
" A: Is the machine running Ethereal sending out any traffic on the\n"
" network interface on which you're capturing, or receiving any traffic\n"
@@ -1336,7 +1352,7 @@ const char *faq_part[] = {
" Otherwise, on Windows, see the response to this question and, on a\n"
" UNIX-flavored OS, see the response to this question.\n"
"\n"
-" Q 5.21: I have an XXX network card on my machine; if I try to capture\n"
+" Q 5.22: I have an XXX network card on my machine; if I try to capture\n"
" on it, my machine crashes or resets itself. \n"
"\n"
" A: This is almost certainly a problem with one or more of:\n"
@@ -1354,7 +1370,7 @@ const char *faq_part[] = {
" Linux distribution, report the problem to whoever produces the\n"
" distribution).\n"
"\n"
-" Q 5.22: My machine crashes or resets itself when I select \"Start\" from\n"
+" Q 5.23: My machine crashes or resets itself when I select \"Start\" from\n"
" the \"Capture\" menu or select \"Preferences\" from the \"Edit\" menu. \n"
"\n"
" A: Both of those operations cause Ethereal to try to build a list of\n"
@@ -1363,20 +1379,20 @@ const char *faq_part[] = {
" or, for Windows, WinPcap bug that causes the system to crash when this\n"
" happens; see the previous question.\n"
"\n"
-" Q 5.23: Does Ethereal work on Windows ME? \n"
+" Q 5.24: Does Ethereal work on Windows ME? \n"
"\n"
" A: Yes, but if you want to capture packets, you will need to install\n"
" the latest version of WinPcap, as 2.02 and earlier versions of WinPcap\n"
" didn't support Windows ME. You should also install the latest version\n"
" of Ethereal as well.\n"
"\n"
-" Q 5.24: Does Ethereal work on Windows XP? \n"
+" Q 5.25: Does Ethereal work on Windows XP? \n"
"\n"
" A: Yes, but if you want to capture packets, you will need to install\n"
" the latest version of WinPcap, as 2.2 and earlier versions of WinPcap\n"
" didn't support Windows XP.\n"
"\n"
-" Q 5.25: Why doesn't Ethereal correctly identify RTP packets? It shows\n"
+" Q 5.26: Why doesn't Ethereal correctly identify RTP packets? It shows\n"
" them only as UDP.\n"
"\n"
" A: Ethereal can identify a UDP datagram as containing a packet of a\n"
@@ -1409,7 +1425,7 @@ const char *faq_part[] = {
" both the source and destination ports of the packet should be\n"
" dissected as some particular protocol.\n"
"\n"
-" Q 5.26: Why doesn't Ethereal show Yahoo Messenger packets in captures\n"
+" Q 5.27: Why doesn't Ethereal show Yahoo Messenger packets in captures\n"
" that contain Yahoo Messenger traffic?\n"
"\n"
" A: Ethereal only recognizes as Yahoo Messenger traffic packets to or\n"
@@ -1419,7 +1435,7 @@ const char *faq_part[] = {
" Messenger packets (even if the TCP segment also contains the beginning\n"
" of another Yahoo Messenger packet).\n"
"\n"
-" Q 5.27: Why do I get the error \n"
+" Q 5.28: Why do I get the error \n"
"\n"
" Gdk-ERROR **: Palettized display (256-colour) mode not supported on\n"
" Windows.\n"
@@ -1434,7 +1450,7 @@ const char *faq_part[] = {
" to a display mode with more colors; if it doesn't support more than\n"
" 256 colors, you will be unable to run Ethereal.\n"
"\n"
-" Q 5.28: When I capture on Windows in promiscuous mode, I can see\n"
+" Q 5.29: When I capture on Windows in promiscuous mode, I can see\n"
" packets other than those sent to or from my machine; however, those\n"
" packets show up with a \"Short Frame\" indication, unlike packets to or\n"
" from my machine. What should I do to arrange that I see those packets\n"
@@ -1444,7 +1460,7 @@ const char *faq_part[] = {
" running on the network interface on which you're capturing; turn it\n"
" off on that interface.\n"
"\n"
-" Q 5.29: How can I capture raw 802.11 packets, including non-data\n"
+" Q 5.30: How can I capture raw 802.11 packets, including non-data\n"
" (management, beacon) packets? \n"
"\n"
" A: That would require that your 802.11 interface run in the mode\n"
@@ -1575,7 +1591,7 @@ const char *faq_part[] = {
" On platforms that don't allow Ethereal to capture raw 802.11 packets,\n"
" the 802.11 network will appear like an Ethernet to Ethereal.\n"
"\n"
-" Q 5.30: How can I capture packets with CRC errors? \n"
+" Q 5.31: How can I capture packets with CRC errors? \n"
"\n"
" A: Ethereal can capture only the packets that the packet capture\n"
" library - libpcap on UNIX-flavored OSes, and the WinPcap port to\n"
@@ -1589,10 +1605,12 @@ const char *faq_part[] = {
" programs that capture raw packets, such as tcpdump - cannot capture\n"
" those packets. You will have to determine whether your OS can be so\n"
" configured, configure it if possible, and make whatever changes to\n"
+,
+
" libpcap and the packet capture program you're using are necessary to\n"
" support capturing those packets.\n"
"\n"
-" Q 5.31: How can I capture entire frames, including the FCS? \n"
+" Q 5.32: How can I capture entire frames, including the FCS? \n"
"\n"
" A: Ethereal can't capture any data that the packet capture library -\n"
" libpcap on UNIX-flavored OSes, and the WinPcap port to Windows of\n"
@@ -1605,8 +1623,6 @@ const char *faq_part[] = {
" FCS of a frame as part of the frame, or can be configured to supply\n"
" the FCS of a frame as part of the frame, Ethereal - and other programs\n"
" that capture raw packets, such as tcpdump - cannot capture the FCS of\n"
-,
-
" a frame. You will have to determine whether your OS can be so\n"
" configured, configure it if possible, and make whatever changes to\n"
" libpcap and the packet capture program you're using are necessary to\n"
@@ -1614,7 +1630,7 @@ const char *faq_part[] = {
" not support capturing the FCS of a frame on Ethernet, and probably do\n"
" not support it on most other link-layer types.\n"
"\n"
-" Q 5.32: Ethereal hangs after I stop a capture. \n"
+" Q 5.33: Ethereal hangs after I stop a capture. \n"
"\n"
" A: The most likely reason for this is that Ethereal is trying to look\n"
" up an IP address in the capture to convert it to a name (so that, for\n"
@@ -1684,7 +1700,7 @@ const char *faq_part[] = {
" contains sensitive information (e.g., passwords), then please do not\n"
" send it.\n"
"\n"
-" Q 5.33: How can I search for, or filter, packets that have a\n"
+" Q 5.34: How can I search for, or filter, packets that have a\n"
" particular string anywhere in them? \n"
"\n"
" A: Currently, you can't.\n"
@@ -1706,7 +1722,7 @@ const char *faq_part[] = {
" list. \n"
" For corrections/additions/suggestions for this page, please send email\n"
" to: ethereal-web[AT]ethereal.com\n"
-" Last modified: Sun, May 25 2003.\n"
+" Last modified: Sat, July 19 2003.\n"
};
#define FAQ_PARTS 5
-#define FAQ_SIZE 77302
+#define FAQ_SIZE 78005
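Review bot: FAQ_SIZE is a hard-coded constant (77302 to 78005) that has to be changed in step with the text, so it can drift from the real length of the faq_part[] strings. If any caller sizes a buffer from FAQ_SIZE and then copies the FAQ_PARTS elements into it, a stale value turns into a buffer overflow. Suggest computing the size at run time by summing strlen() over the elements, or at least a comment stating how the number is derived and that it must be regenerated with the text.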