diff options
| author | Jörg Mayer <jmayer@loplof.de> | 2005-03-06 02:07:53 +0000 |
|---|---|---|
| committer | Jörg Mayer <jmayer@loplof.de> | 2005-03-06 02:07:53 +0000 |
| commit | 723feba68ed9a79d7455e3c08b3b5a1ce0a40bef (patch) | |
| tree | e10954ba243870f65ccaf0004f0d7d5ac88141a8 /help | |
| parent | 476c8da0867c011606b8d60dfeb388f5f48c830e (diff) | |
Update to Sun, February 27 2005.
svn path=/trunk/; revision=13610
Diffstat (limited to 'help')
| -rw-r--r-- | help/faq.txt | 248 |
1 files changed, 154 insertions, 94 deletions
diff --git a/help/faq.txt b/help/faq.txt index ab23e8c9bf..a4840a97a5 100644 --- a/help/faq.txt +++ b/help/faq.txt @@ -86,7 +86,7 @@ Using Ethereal: box popped up by "Capture->Start"? 5.6 I'm running Ethereal on Windows; why doesn't my serial port/ADSL - modem/ISDN modem/show up in the list of interfaces in the "Interface:" + modem/ISDN modem show up in the list of interfaces in the "Interface:" field in the dialog box popped up by "Capture->Start"? 5.7 I'm running Ethereal on a UNIX-flavored OS; why does some network @@ -147,11 +147,12 @@ Using Ethereal: 5.23 When I try to run Ethereal on Windows, it fails to run because it can't find packet.dll. - 5.24 I'm running Ethereal on Windows NT/2000/XP/Server; my machine has - a PPP (dial-up POTS, ISDN, etc.) interface, and it shows up in the - "Interface" item in the "Capture Options" dialog box. Why can no - packets be sent on or received from that network while I'm trying to - capture traffic on that interface? + 5.24 I'm running Ethereal on Windows NT 4.0/Windows 2000/Windows + XP/Windows Server 2003; my machine has a PPP (dial-up POTS, ISDN, + etc.) interface, and it shows up in the "Interface" item in the + "Capture Options" dialog box. Why can no packets be sent on or + received from that network while I'm trying to capture traffic on that + interface? 5.25 I'm running Ethereal on Windows 95/98/Me, on a machine with more than one network adapter of the same type; Ethereal shows all of those @@ -252,7 +253,7 @@ General Questions Q 1.4: Can I use Ethereal as part of my commercial product? - A: As noted, Ethereal is licended under the GNU General Public + A: As noted, Ethereal is licensed under the GNU General Public License. The GPL imposes conditions on your use of GPL'ed code in your own products; you cannot, for example, make a "derived work" from Ethereal, by making modifications to it, and then sell the resulting @@ -271,7 +272,7 @@ General Questions Q 1.5: What protocols are currently supported? - A: There are currently 620 supported protocols and media, listed + A: There are currently 658 supported protocols and media, listed below. Descriptions can be found in the ethereal(1) man page. 3GPP2 A11 @@ -320,6 +321,7 @@ General Questions AVS WLAN Capture header AX/4000 Test Block Ad hoc On-demand Distance Vector Routing Protocol + Adaptive Multi-Rate Address Resolution Protocol Aggregate Server Access Protocol Alert Standard Forum @@ -334,6 +336,7 @@ General Questions Application Configuration Access Protocol Art-Net Async data over ISDN (V.120) + Asynchronous Layered Coding Authentication Header BACnet Virtual Link Control BEA Tuxedo @@ -360,9 +363,12 @@ General Questions Border Gateway Protocol Building Automation and Control Network APDU Building Automation and Control Network NPDU + CBAPhysicalDevice CCSDS CDS Clerk Server Calls Cast Client Control Protocol + Certificate Management Protocol + Certificate Request Message Format Check Point High Availability Protocol Checkpoint FW-1 Cisco Auto-RP @@ -399,7 +405,7 @@ General Questions DCE/RPC Conversation Manager DCE/RPC Directory Acl Interface DCE/RPC Endpoint Mapper - DCE/RPC Endpoint Mapper4 + DCE/RPC Endpoint Mapper v4 DCE/RPC FLDB DCE/RPC FLDB UBIK TRANSFER DCE/RPC FLDB UBIKVOTE @@ -423,8 +429,10 @@ cies DCE/RPC Repserver Calls DCE/RPC TokenServer Calls DCE/RPC UpServer + DCOM + DCOM IDispatch + DCOM IRemoteActivation DCOM OXID Resolver - DCOM Remote Activation DEC Spanning Tree Protocol DFS Calls DG Gryphon Protocol @@ -507,27 +515,51 @@ cies GSM A-I/F BSSMAP GSM A-I/F DTAP GSM A-I/F RP + GSM Mobile Application Part GSM SMS TPDU (GSM 03.40) GSM Short Message Service User Data - GSM_MobileAPplication General Inter-ORB Protocol Generic Routing Encapsulation Generic Security Service Application Program Interface Gnutella Protocol H.248 MEGACO - H225 H235-SECURITY-MESSAGES - H245 - H4501 HP Extended Local-Link Control HP Remote Maintenance Protocol Hummingbird NFS Daemon HyperSCSI Hypertext Transfer Protocol + ICBAAccoCallback + ICBAAccoCallback2 + ICBAAccoMgt + ICBAAccoMgt2 + ICBAAccoServer + ICBAAccoServer2 + ICBAAccoServerSRT + ICBAAccoSync + ICBABrowse + ICBABrowse2 + ICBAGroupError + ICBAGroupErrorEvent + ICBALogicalDevice + ICBALogicalDevice2 + ICBAPersist + ICBAPersist2 + ICBAPhysicalDevice + ICBAPhysicalDevice2 + ICBAPhysicalDevicePC + ICBAPhysicalDevicePCEvent + ICBARTAuto + ICBARTAuto2 + ICBAState + ICBAStateEvent + ICBASystemProperties + ICBATime ICQ Protocol IEEE 802.11 Radiotap Capture header IEEE 802.11 wireless LAN IEEE 802.11 wireless LAN management frame + IEEE802a OUI Extended Ethertype ILMI IP Device Control (SS7 over IP) IP Over FC @@ -536,8 +568,8 @@ cies IPX Message IPX Routing Information Protocol IPX WAN - IRemUnknown IRemUnknown Resolver - IRemUnknown2 IRemUnknown2 Resolver + IRemUnknown + IRemUnknown2 ISDN ISDN Q.921-User Adaptation Layer ISDN User Part @@ -578,6 +610,7 @@ cies IrDA Link Access Protocol IrDA Link Management Protocol JPEG File Interchange Format + JXTA P2P Jabber XML Messaging Java RMI Java Serialization @@ -628,6 +661,7 @@ cies Message Transfer Part Level 2 Message Transfer Part Level 3 Message Transfer Part Level 3 Management + Meta Analysis Tracing Engine Microsoft Directory Replication Service Microsoft Distributed File System Microsoft Distributed Link Tracking Server Service @@ -668,6 +702,7 @@ cies NTLM Secure Service Provider Name Binding Protocol Name Management Protocol over IPX + Negative-acknowledgment Oriented Reliable Multicast NetBIOS NetBIOS Datagram Service NetBIOS Name Service @@ -707,7 +742,6 @@ cies PKIX1Explitit PKIX1Implitit PKIXProxy (RFC3820) - POSTGRESQL PPP Bandwidth Allocation Control Protocol PPP Bandwidth Allocation Protocol PPP CDP Control Protocol @@ -717,6 +751,7 @@ cies PPP Compression Control Protocol PPP IP Control Protocol PPP IPv6 Control Protocol + PPP In HDLC-Like Framing PPP Link Control Protocol PPP MPLS Control Protocol PPP Multilink Protocol @@ -738,6 +773,7 @@ cies Port Aggregation Protocol Portmap Post Office Protocol + PostgreSQL Pragmatic General Multicast Precision Time Protocol (IEEE1588) Prism @@ -893,6 +929,9 @@ cies Zone Information Protocol eDonkey Protocol giFT Internet File Transfer + h225 + h245 + h450 iSCSI iSNS @@ -1111,9 +1150,10 @@ Using Ethereal to see from or to the machine I'm trying to monitor. A: This might be because the interface on which you're capturing is - plugged into a switch; on a switched network, unicast traffic between - two ports will not necessarily appear on other ports - only broadcast - and multicast traffic will be sent to all ports. + plugged into an Ethernet or Token Ring switch; on a switched network, + unicast traffic between two ports will not necessarily appear on other + ports - only broadcast and multicast traffic will be sent to all + ports. Note that even if your machine is plugged into a hub, the "hub" may be a switched hub, in which case you're still on a switched network. @@ -1182,11 +1222,8 @@ Using Ethereal In the case of token ring interfaces, the drivers for some of them, on Windows, may require you to enable promiscuous mode in order to - capture in promiscuous mode. Ask the vendor of the card how to do - this, or see, for example, this information on promiscuous mode on - some Madge token ring adapters (note that those cards can have - promiscuous mode disabled permanently, in which case you can't enable - it). + capture in promiscuous mode. See the Ethereal Wiki item on Token Ring + capturing for details. In the case of wireless LAN interfaces, it appears that, when those interfaces are promiscuously sniffing, they're running in a @@ -1237,19 +1274,20 @@ Using Ethereal interface? A: If you are running Ethereal on Windows NT 4.0, Windows 2000, - Windows XP, or Windows Server, and this is the first time you have run - a WinPcap-based program (such as Ethereal, or Tethereal, or WinDump, - or Analyzer, or...) since the machine was rebooted, you need to run - that program from an account with administrator privileges; once you - have run such a program, you will not need administrator privileges to - run any such programs until you reboot. + Windows XP, or Windows Server 2003, and this is the first time you + have run a WinPcap-based program (such as Ethereal, or Tethereal, or + WinDump, or Analyzer, or...) since the machine was rebooted, you need + to run that program from an account with administrator privileges; + once you have run such a program, you will not need administrator + privileges to run any such programs until you reboot. If you are running on Windows 95/98/Me, or if you are running on - Windows NT 4.0/2000/XP/Server and have administrator privileges or a - WinPcap-based program has been run with those privileges since the - machine rebooted, then note that Ethereal relies on the WinPcap - library, on the WinPcap device driver, and on the facilities that come - with the OS on which it's running in order to do captures. + Windows NT 4.0/Windows 2000/Windows XP/Windows Server 2003 and have + administrator privileges or a WinPcap-based program has been run with + those privileges since the machine rebooted, then note that Ethereal + relies on the WinPcap library, on the WinPcap device driver, and on + the facilities that come with the OS on which it's running in order to + do captures. Therefore, if the OS, the WinPcap library, or the WinPcap driver don't support capturing on a particular network interface device, Ethereal @@ -1276,14 +1314,22 @@ Using Ethereal capture on the interface you're currently using. In that case, you might, for example, have to remove the VPN interface from the system in order to capture on the PPP serial interface. - 3. WinPcap 3.0 doesn't support PPP WAN interfaces, and WinPcap 2.3 - doesn't support PPP WAN interfaces on Windows NT/2000/XP/Server, - so Ethereal cannot capture packets on those devices with WinPcap - 3.0, or with WInPcap 2.x when running on Windows - NT/2000/XP/Server. Regular dial-up lines, ISDN lines, and various - other lines such as T1/E1 lines are all PPP interfaces. This may - cause the interface not to show up on the list of interfaces in - the "Capture Options" dialog. + 3. WinPcap 2.3 has problems supporting PPP WAN interfaces on Windows + NT 4.0, Windows 2000, Windows XP, and Windows Server 2003, and, to + avoid those problems, support for PPP WAN interfaces on those + versions of Windows has been disabled in WinPcap 3.0. Regular + dial-up lines, ISDN lines, ADSL connections using PPPoE or PPPoA, + and various other lines such as T1/E1 lines are all PPP + interfaces, so those interfaces might not show up on the list of + interfaces in the "Capture Options" dialog on those OSes. + On Windows 2000 and later, installing the beta version of WinPcap + 3.1 might help, although, as it's a beta version, that might cause + some other problems that don't occur with older versions of + WinPcap; you should report those problems to the WinPcap + developers, so that they can try to fix those problems before the + final version of WinPcap 3.1 is released. WinPcap 3.1 will not + support PPP captures on Windows NT 4.0. See the Ethereal Wiki item + on PPP capturing for details. 4. WinPcap prior to 3.0 does not support multiprocessor machines (note that machines with a single multi-threaded processor, such as Intel's new multi-threaded x86 processors, are multiprocessor @@ -1365,16 +1411,23 @@ Using Ethereal response to that question. Q 5.6: I'm running Ethereal on Windows; why doesn't my serial - port/ADSL modem/ISDN modem/show up in the list of interfaces in the + port/ADSL modem/ISDN modem show up in the list of interfaces in the "Interface:" field in the dialog box popped up by "Capture->Start"? - A: All of those devices support Internet access using the - Point-to-Point (PPP) protocol; WinPcap 3.0 doesn't support PPP - interfaces, and WinPcap 2.x doesn't support PPP interfaces on Windows - NT/2000/XP/Server, so Ethereal cannot capture packets on those devices - with WinPcap 3.0, or with WinPcap 2.x when running on Windows - NT/2000/XP/Server. This may cause the interface not to show up on the - list of interfaces in the "Capture Options" dialog. + A: Internet access on those devices is often done with the + Point-to-Point (PPP) protocol; WinPcap 2.3 has problems supporting PPP + WAN interfaces on Windows NT 4.0, Windows 2000, Windows XP, and + Windows Server 2003, and, to avoid those problems, support for PPP WAN + interfaces on those versions of Windows has been disabled in WinPcap + 3.0. + + On Windows 2000 and later, installing the beta version of WinPcap 3.1 + might help, although, as it's a beta version, that might cause some + other problems that don't occur with older versions of WinPcap; you + should report those problems to the WinPcap developers, so that they + can try to fix those problems before the final version of WinPcap 3.1 + is released. WinPcap 3.1 will not support PPP captures on Windows NT + 4.0. See the Ethereal Wiki item on PPP capturing for details. Q 5.7: I'm running Ethereal on a UNIX-flavored OS; why does some network interface on my machine not show up in the list of interfaces @@ -1383,31 +1436,27 @@ Using Ethereal to capture on that interface? A: You may need to run Ethereal from an account with sufficient - privileges to capture packets, such as the super-user account. Only - those interfaces that Ethereal can open for capturing show up in that - list; if you don't have sufficient privileges to capture on any - interfaces, no interfaces will show up in the list. + privileges to capture packets, such as the super-user account, or may + need to give your account sufficient privileges to capture packets. + Only those interfaces that Ethereal can open for capturing show up in + that list; if you don't have sufficient privileges to capture on any + interfaces, no interfaces will show up in the list. See the Ethereal + Wiki item on capture privileges for details on how to give a + particular account or account group capture privileges on platforms + where that can be done. If you are running Ethereal from an account with sufficient privileges, then note that Ethereal relies on the libpcap library, and on the facilities that come with the OS on which it's running in order - to do captures. - - Therefore, if the OS or the libpcap library don't support capturing on - a particular network interface device, Ethereal won't be able to - capture on that device. - - On Linux, note that you need to have "packet socket" support enabled - in your kernel; see the "Packet socket" item in the Linux - "Configure.help" file. - - On BSD, note that you need to have BPF support enabled in your kernel; - see the documentation for your system for information on how to enable - BPF support (if it's not enabled by default on your system). - - On DEC OSF/1, Digital UNIX, or Tru64 UNIX, note that you need to have - packet filtering support in your kernel; the doconfig command will - allow you to configure and build a new kernel with that option. + to do captures. On some OSes, those facilities aren't present by + default; see the Ethereal Wiki item on adding capture support for + details. + + And, even if you're running with an account that has sufficient + privileges to capture, and capture support is present in your OS, if + the OS or the libpcap library don't support capturing on a particular + network interface device or particular types of devices, Ethereal + won't be able to capture on that device. On Solaris, note that libpcap 0.6.2 and earlier didn't support Token Ring interfaces; the current version, 0.7.2, does support Token Ring, @@ -1716,19 +1765,29 @@ Using Ethereal Web site, the local mirror of the WinPcap Web site, or the Wiretapped.net mirror of the WinPcap site. - Q 5.24: I'm running Ethereal on Windows NT/2000/XP/Server; my machine - has a PPP (dial-up POTS, ISDN, etc.) interface, and it shows up in the - "Interface" item in the "Capture Options" dialog box. Why can no - packets be sent on or received from that network while I'm trying to - capture traffic on that interface? + Q 5.24: I'm running Ethereal on Windows NT 4.0/Windows 2000/Windows + XP/Windows Server 2003; my machine has a PPP (dial-up POTS, ISDN, + etc.) interface, and it shows up in the "Interface" item in the + "Capture Options" dialog box. Why can no packets be sent on or + received from that network while I'm trying to capture traffic on that + interface? - A: WinPcap doesn't support PPP WAN interfaces on Windows - NT/2000/XP/Server; one symptom that may be seen is that attempts to - capture in promiscuous mode on the interface cause the interface to be - incapable of sending or receiving packets. You can disable promiscuous - mode using the -p command-line flag or the item in the "Capture - Preferences" dialog box, but this may mean that outgoing packets, or - incoming packets, won't be seen in the capture. + A: Some versions of WinPcap have problems with PPP WAN interfaces on + Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003; one + symptom that may be seen is that attempts to capture in promiscuous + mode on the interface cause the interface to be incapable of sending + or receiving packets. You can disable promiscuous mode using the -p + command-line flag or the item in the "Capture Preferences" dialog box, + but this may mean that outgoing packets, or incoming packets, won't be + seen in the capture. + + On Windows 2000 and later, installing the beta version of WinPcap 3.1 + might help, although, as it's a beta version, that might cause some + other problems that don't occur with older versions of WinPcap; you + should report those problems to the WinPcap developers, so that they + can try to fix those problems before the final version of WinPcap 3.1 + is released. WinPcap 3.1 will not support PPP captures on Windows NT + 4.0. See the Ethereal Wiki item on PPP capturing for details. Q 5.25: I'm running Ethereal on Windows 95/98/Me, on a machine with more than one network adapter of the same type; Ethereal shows all of @@ -1900,7 +1959,8 @@ Using Ethereal In order to see the raw Ethernet packets, rather than "de-VLANized" packets, you would have to capture not on the virtual interface for the VLAN, but on the interface corresponding to the physical network - device, if possible. + device, if possible. See the Ethereal Wiki item on VLAN capturing for + details. Q 5.37: How can I capture raw 802.11 packets, including non-data (management, beacon) packets? @@ -2304,13 +2364,13 @@ Using Ethereal or /var/tmp on UNIX-flavored OSes, \TEMP on the main system disk (normally C:) on Windows 9x/Me/NT 4.0, and \Documents and Settings\your login name\Local Settings\Temp on the main system disk - on Windows 2000/XP/Server 2003, so the capture file will probably be - there. It will have a name beginning with ether, with some mixture of - letters and numbers after that. Please don't send a trace file greater - than 1 MB when compressed; instead, make it available via FTP or HTTP, - or say it's available but leave it up to a developer to ask for it. If - the trace file contains sensitive information (e.g., passwords), then - please do not send it. + on Windows 2000/Windows XP/Windows Server 2003, so the capture file + will probably be there. It will have a name beginning with ether, with + some mixture of letters and numbers after that. Please don't send a + trace file greater than 1 MB when compressed; instead, make it + available via FTP or HTTP, or say it's available but leave it up to a + developer to ask for it. If the trace file contains sensitive + information (e.g., passwords), then please do not send it. Q 5.46: How can I search for, or filter, packets that have a particular string anywhere in them? @@ -2353,4 +2413,4 @@ Using Ethereal For corrections/additions/suggestions for this web page (and not Ethereal support questions), please send email to ethereal-web[AT]ethereal.com . - Last modified: Fri, January 14 2005. + Last modified: Sun, February 27 2005. |