5.10 When I run Ethereal on Solaris 8, it dies with a Bus Error when I
start it.
- 5.11 I'm running Ethereal on Linux; why do my time stamps have only
+ 5.11 When I try to run Ethereal, it complains about
+ sprint_realloc_objid being undefined.
+
+ 5.12 I'm running Ethereal on Linux; why do my time stamps have only
100ms resolution, rather than 1us resolution?
- 5.12 I'm capturing packets on {Windows 95, Windows 98, Windows Me};
+ 5.13 I'm capturing packets on {Windows 95, Windows 98, Windows Me};
why are the time stamps on packets wrong?
- 5.13 When I try to run Ethereal on Windows, it fails to run because it
+ 5.14 When I try to run Ethereal on Windows, it fails to run because it
can't find packet.dll.
- 5.14 I'm running on Windows; why does some network interface on my
- machine not show up in the list of interfaces in the "Interface:"
- field in the dialog box popped up by "Capture->Start", and/or why does
- Ethereal give me an error if I try to capture on that interface?
+ 5.15 I'm running Ethereal on Windows; why does some network interface
+ on my machine not show up in the list of interfaces in the
+ "Interface:" field in the dialog box popped up by "Capture->Start",
+ and/or why does Ethereal give me an error if I try to capture on that
+ interface?
- 5.15 I'm running on a UNIX-flavored OS; why does some network
+ 5.16 I'm running on a UNIX-flavored OS; why does some network
interface on my machine not show up in the list of interfaces in the
"Interface:" field in the dialog box popped up by "Capture->Start",
and/or why does Ethereal give me an error if I try to capture on that
interface?
- 5.16 I'm running Ethereal on Windows NT/2000/XP/Server; my machine has
+ 5.17 I'm running Ethereal on Windows NT/2000/XP/Server; my machine has
a PPP (dial-up POTS, ISDN, etc.) interface, and it shows up in the
"Interface" item in the "Capture Options" dialog box. Why can no
packets be sent on or received from that network while I'm trying to
capture traffic on that interface?
- 5.17 I'm running Ethereal on Windows 95/98/Me, on a machine with more
+ 5.18 I'm running Ethereal on Windows 95/98/Me, on a machine with more
than one network adapter of the same type; Ethereal shows all of those
adapters with the same name, but I can't use any of those adapters
other than the first one.
- 5.18 I'm running Ethereal on Windows, and I'm not seeing any traffic
+ 5.19 I'm running Ethereal on Windows, and I'm not seeing any traffic
being sent by the machine running Ethereal.
- 5.19 I have an XXX network card on my machine; if I try to capture on
+ 5.20 I'm trying to capture traffic but I'm not seeing any.
+
+ 5.21 I have an XXX network card on my machine; if I try to capture on
it, my machine crashes or resets itself.
- 5.20 My machine crashes or resets itself when I select "Start" from
+ 5.22 My machine crashes or resets itself when I select "Start" from
the "Capture" menu or select "Preferences" from the "Edit" menu.
- 5.21 Does Ethereal work on Windows ME?
+ 5.23 Does Ethereal work on Windows ME?
- 5.22 Does Ethereal work on Windows XP?
+ 5.24 Does Ethereal work on Windows XP?
- 5.23 Why doesn't Ethereal correctly identify RTP packets? It shows
+ 5.25 Why doesn't Ethereal correctly identify RTP packets? It shows
them only as UDP.
- 5.24 Why doesn't Ethereal show Yahoo Messenger packets in captures
+ 5.26 Why doesn't Ethereal show Yahoo Messenger packets in captures
that contain Yahoo Messenger traffic?
- 5.25 Why do I get the error
+ 5.27 Why do I get the error
Gdk-ERROR **: Palettized display (256-colour) mode not supported on
Windows.
when I try to run Ethereal on Windows?
- 5.26 When I capture on Windows in promiscuous mode, I can see packets
+ 5.28 When I capture on Windows in promiscuous mode, I can see packets
other than those sent to or from my machine; however, those packets
show up with a "Short Frame" indication, unlike packets to or from my
machine. What should I do to arrange that I see those packets in their
entirety?
- 5.27 How can I capture raw 802.11 packets, including non-data
+ 5.29 How can I capture raw 802.11 packets, including non-data
(management, beacon) packets?
- 5.28 How can I capture packets with CRC errors?
+ 5.30 How can I capture packets with CRC errors?
- 5.29 How can I capture entire frames, including the FCS?
+ 5.31 How can I capture entire frames, including the FCS?
- 5.30 Ethereal hangs after I stop a capture.
+ 5.32 Ethereal hangs after I stop a capture.
- 5.31 How can I search for, or filter, packets that have a particular
+ 5.33 How can I search for, or filter, packets that have a particular
string anywhere in them?
GENERAL QUESTIONS
Q 1.2: What protocols are currently supported?
- A: There are currently 366 supported protocols and media, listed
+ A: There are currently 381 supported protocols and media, listed
below. Descriptions can be found in the ethereal(1) man page.
802.1q Virtual LAN
ATM OAM AAL
AVS WLAN Capture header
Ad hoc On-demand Distance Vector Routing Protocol
- Ad hoc On-demand Distance Vector Routing Protocol v6
Address Resolution Protocol
Aggregate Server Access Protocol
+ Alert Standard Forum
Andrew File System (AFS)
Apache JServ Protocol v1.3
AppleTalk Filing Protocol
AppleTalk Session Protocol
AppleTalk Transaction Protocol packet
Appletalk Address Resolution Protocol
+ Application Configuration Access Protocol
Async data over ISDN (V.120)
Authentication Header
BACnet Virtual Link Control
- Banyan Vines
+ Banyan Vines ARP
+ Banyan Vines Echo
Banyan Vines Fragmentation Protocol
+ Banyan Vines ICP
+ Banyan Vines IP
+ Banyan Vines IPC
+ Banyan Vines LLC
+ Banyan Vines RTP
Banyan Vines SPP
Blocks Extensible Exchange Protocol
Boardwalk
IP Payload Compression
IPX Message
IPX Routing Information Protocol
+ IPX WAN
ISDN
ISDN Q.921-User Adaptation Layer
ISDN User Part
ISO 8602 CLTP ConnectionLess Transport Protocol
ISO 9542 ESIS Routeing Information Exchange Protocol
ITU-T Recommendation H.261
+ Intel ANS probe
+ Intelligent Platform Management Interface
Inter-Access-Point Protocol
Interbase
Internet Cache Protocol
Java RMI
Java Serialization
Kerberos
+ Kerberos Administration
Kernel Lock Manager
Label Distribution Protocol
Layer 2 Tunneling Protocol
Microsoft Registry
Microsoft Security Account Manager
Microsoft Server Service
+ Microsoft Service Control
Microsoft Spool Subsystem
Microsoft Telephony API Service
Microsoft Windows Browser Protocol
NetBIOS Session Service
NetBIOS over IPX
NetWare Core Protocol
+ NetWare Link Services Protocol
Network Data Management Protocol
Network File System
Network Lock Manager Protocol
Real-time Transport Control Protocol
Registry Server Attributes Manipulation Interface
Registry server administration operations.
+ Remote Management Control Protocol
Remote Override interface
Remote Procedure Call
Remote Program Load
Zebra Protocol
Zone Information Protocol
iSCSI
+ iSNS
Q 1.3: Are there any plans to support {your favorite protocol}?
Similar problems may exist with older versions of GTK+ for earlier
versions of Solaris.
- Q 5.11: I'm running Ethereal on Linux; why do my time stamps have only
+ Q 5.11: When I try to run Ethereal, it complains about
+ sprint_realloc_objid being undefined.
+
+ A: Ethereal can only be linked with version 4.2.2 or later of UCD
+ SNMP. Your version of Ethereal was dynamically linked with such a
+ version of UCD SNMP; however, you have an older version of UCD SNMP
+ installed, which means that when Ethereal is run, it tries to link to
+ the older version, and fails. You will have to replace that version of
+ UCD SNMP with version 4.2.2 or a later version.
+
+ Q 5.12: I'm running Ethereal on Linux; why do my time stamps have only
100ms resolution, rather than 1us resolution?
A: Ethereal gets time stamps from libpcap/WinPcap, and libpcap/WinPcap
have to run a standard kernel from kernel.org in order to get
high-resolution time stamps.
- Q 5.12: I'm capturing packets on {Windows 95, Windows 98, Windows Me};
+ Q 5.13: I'm capturing packets on {Windows 95, Windows 98, Windows Me};
why are the time stamps on packets wrong?
A: This is due to a bug in WinPcap. The bug should be fixed in WinPcap
3.0.
- Q 5.13: When I try to run Ethereal on Windows, it fails to run because
+ Q 5.14: When I try to run Ethereal on Windows, it fails to run because
it can't find packet.dll.
A: In older versions of Ethereal, there were two binary distributions
Web site, the local mirror of the WinPcap Web site, or the
Wiretapped.net mirror of the WinPcap site.
- Q 5.14: I'm running on Windows; why does some network interface on my
- machine not show up in the list of interfaces in the "Interface:"
- field in the dialog box popped up by "Capture->Start", and/or why does
- Ethereal give me an error if I try to capture on that interface?
+ Q 5.15: I'm running Ethereal on Windows; why does some network
+ interface on my machine not show up in the list of interfaces in the
+ "Interface:" field in the dialog box popped up by "Capture->Start",
+ and/or why does Ethereal give me an error if I try to capture on that
+ interface?
A: If you are running Ethereal on Windows NT 4.0, Windows 2000,
Windows XP, or Windows Server, and this is the first time you have run
above, and also indicate that the problem occurs with WinDump, not
just with Ethereal.
- Q 5.15: I'm running on a UNIX-flavored OS; why does some network
+ Q 5.16: I'm running on a UNIX-flavored OS; why does some network
interface on my machine not show up in the list of interfaces in the
"Interface:" field in the dialog box popped up by "Capture->Start",
and/or why does Ethereal give me an error if I try to capture on that
above, and also indicate that the problem occurs with tcpdump not just
with Ethereal.
- Q 5.16: I'm running Ethereal on Windows NT/2000/XP/Server; my machine
+ Q 5.17: I'm running Ethereal on Windows NT/2000/XP/Server; my machine
has a PPP (dial-up POTS, ISDN, etc.) interface, and it shows up in the
"Interface" item in the "Capture Options" dialog box. Why can no
packets be sent on or received from that network while I'm trying to
Preferences" dialog box, but this may mean that outgoing packets, or
incoming packets, won't be seen in the capture.
- Q 5.17: I'm running Ethereal on Windows 95/98/Me, on a machine with
+ Q 5.18: I'm running Ethereal on Windows 95/98/Me, on a machine with
more than one network adapter of the same type; Ethereal shows all of
those adapters with the same name, but I can't use any of those
adapters other than the first one.
capture only on the first such interface; Ethereal is a
libpcap/WinPcap-based application.
- Q 5.18: I'm running Ethereal on Windows, and I'm not seeing any
+ Q 5.19: I'm running Ethereal on Windows, and I'm not seeing any
traffic being sent by the machine running Ethereal.
A: If you are running some form of VPN client software, it might be
outgoing packets; unfortunately, neither we nor the WinPcap developers
know any way to make WinPcap and the VPN software work well together.
- Q 5.19: I have an XXX network card on my machine; if I try to capture
+ Q 5.20: I'm trying to capture traffic but I'm not seeing any.
+
+ A: Is the machine running Ethereal sending out any traffic on the
+ network interface on which you're capturing, or receiving any traffic
+ on that network, or is there any broadcast traffic on the network or
+ multicast traffic to a multicast group to which the machine running
+ Ethereal belongs?
+
+ If not, this may just be a problem with promiscuous sniffing, either
+ due to running on a switched network or a dual-speed hub, or due to
+ problems with the interface not supporting promiscuous mode; see the
+ response to this earlier question.
+
+ Otherwise, on Windows, see the response to this question and, on a
+ UNIX-flavored OS, see the response to this question.
+
+ Q 5.21: I have an XXX network card on my machine; if I try to capture
on it, my machine crashes or resets itself.
A: This is almost certainly a problem with one or more of:
Linux distribution, report the problem to whoever produces the
distribution).
- Q 5.20: My machine crashes or resets itself when I select "Start" from
+ Q 5.22: My machine crashes or resets itself when I select "Start" from
the "Capture" menu or select "Preferences" from the "Edit" menu.
A: Both of those operations cause Ethereal to try to build a list of
or, for Windows, WinPcap bug that causes the system to crash when this
happens; see the previous question.
- Q 5.21: Does Ethereal work on Windows ME?
+ Q 5.23: Does Ethereal work on Windows ME?
A: Yes, but if you want to capture packets, you will need to install
the latest version of WinPcap, as 2.02 and earlier versions of WinPcap
didn't support Windows ME. You should also install the latest version
of Ethereal as well.
- Q 5.22: Does Ethereal work on Windows XP?
+ Q 5.24: Does Ethereal work on Windows XP?
A: Yes, but if you want to capture packets, you will need to install
the latest version of WinPcap, as 2.2 and earlier versions of WinPcap
didn't support Windows XP.
- Q 5.23: Why doesn't Ethereal correctly identify RTP packets? It shows
+ Q 5.25: Why doesn't Ethereal correctly identify RTP packets? It shows
them only as UDP.
A: Ethereal can identify a UDP datagram as containing a packet of a
both the source and destination ports of the packet should be
dissected as some particular protocol.
- Q 5.24: Why doesn't Ethereal show Yahoo Messenger packets in captures
+ Q 5.26: Why doesn't Ethereal show Yahoo Messenger packets in captures
that contain Yahoo Messenger traffic?
A: Ethereal only recognizes as Yahoo Messenger traffic packets to or
Messenger packets (even if the TCP segment also contains the beginning
of another Yahoo Messenger packet).
- Q 5.25: Why do I get the error
+ Q 5.27: Why do I get the error
Gdk-ERROR **: Palettized display (256-colour) mode not supported on
Windows.
to a display mode with more colors; if it doesn't support more than
256 colors, you will be unable to run Ethereal.
- Q 5.26: When I capture on Windows in promiscuous mode, I can see
+ Q 5.28: When I capture on Windows in promiscuous mode, I can see
packets other than those sent to or from my machine; however, those
packets show up with a "Short Frame" indication, unlike packets to or
from my machine. What should I do to arrange that I see those packets
running on the network interface on which you're capturing; turn it
off on that interface.
- Q 5.27: How can I capture raw 802.11 packets, including non-data
+ Q 5.29: How can I capture raw 802.11 packets, including non-data
(management, beacon) packets?
A: That would require that your 802.11 interface run in the mode
On platforms that don't allow Ethereal to capture raw 802.11 packets,
the 802.11 network will appear like an Ethernet to Ethereal.
- Q 5.28: How can I capture packets with CRC errors?
+ Q 5.30: How can I capture packets with CRC errors?
A: Ethereal can capture only the packets that the packet capture
library - libpcap on UNIX-flavored OSes, and the WinPcap port to
libpcap and the packet capture program you're using are necessary to
support capturing those packets.
- Q 5.29: How can I capture entire frames, including the FCS?
+ Q 5.31: How can I capture entire frames, including the FCS?
A: Ethereal can't capture any data that the packet capture library -
libpcap on UNIX-flavored OSes, and the WinPcap port to Windows of
not support capturing the FCS of a frame on Ethernet, and probably do
not support it on most other link-layer types.
- Q 5.30: Ethereal hangs after I stop a capture.
+ Q 5.32: Ethereal hangs after I stop a capture.
A: The most likely reason for this is that Ethereal is trying to look
up an IP address in the capture to convert it to a name (so that, for
contains sensitive information (e.g., passwords), then please do not
send it.
- Q 5.31: How can I search for, or filter, packets that have a
+ Q 5.33: How can I search for, or filter, packets that have a
particular string anywhere in them?
A: Currently, you can't.
list.
For corrections/additions/suggestions for this page, please send email
to: ethereal-web[AT]ethereal.com
- Last modified: Thu, April 10 2003.
+ Last modified: Sun, May 25 2003.
" 5.10 When I run Ethereal on Solaris 8, it dies with a Bus Error when I\n"
" start it.\n"
"\n"
-" 5.11 I'm running Ethereal on Linux; why do my time stamps have only\n"
+" 5.11 When I try to run Ethereal, it complains about\n"
+" sprint_realloc_objid being undefined.\n"
+"\n"
+" 5.12 I'm running Ethereal on Linux; why do my time stamps have only\n"
" 100ms resolution, rather than 1us resolution?\n"
"\n"
-" 5.12 I'm capturing packets on {Windows 95, Windows 98, Windows Me};\n"
+" 5.13 I'm capturing packets on {Windows 95, Windows 98, Windows Me};\n"
" why are the time stamps on packets wrong? \n"
"\n"
-" 5.13 When I try to run Ethereal on Windows, it fails to run because it\n"
+" 5.14 When I try to run Ethereal on Windows, it fails to run because it\n"
" can't find packet.dll.\n"
"\n"
-" 5.14 I'm running on Windows; why does some network interface on my\n"
-" machine not show up in the list of interfaces in the \"Interface:\"\n"
-" field in the dialog box popped up by \"Capture->Start\", and/or why does\n"
-" Ethereal give me an error if I try to capture on that interface? \n"
+" 5.15 I'm running Ethereal on Windows; why does some network interface\n"
+" on my machine not show up in the list of interfaces in the\n"
+" \"Interface:\" field in the dialog box popped up by \"Capture->Start\",\n"
+" and/or why does Ethereal give me an error if I try to capture on that\n"
+" interface? \n"
"\n"
-" 5.15 I'm running on a UNIX-flavored OS; why does some network\n"
+" 5.16 I'm running on a UNIX-flavored OS; why does some network\n"
" interface on my machine not show up in the list of interfaces in the\n"
" \"Interface:\" field in the dialog box popped up by \"Capture->Start\",\n"
" and/or why does Ethereal give me an error if I try to capture on that\n"
" interface? \n"
"\n"
-" 5.16 I'm running Ethereal on Windows NT/2000/XP/Server; my machine has\n"
+" 5.17 I'm running Ethereal on Windows NT/2000/XP/Server; my machine has\n"
" a PPP (dial-up POTS, ISDN, etc.) interface, and it shows up in the\n"
" \"Interface\" item in the \"Capture Options\" dialog box. Why can no\n"
" packets be sent on or received from that network while I'm trying to\n"
" capture traffic on that interface?\n"
"\n"
-" 5.17 I'm running Ethereal on Windows 95/98/Me, on a machine with more\n"
+" 5.18 I'm running Ethereal on Windows 95/98/Me, on a machine with more\n"
" than one network adapter of the same type; Ethereal shows all of those\n"
" adapters with the same name, but I can't use any of those adapters\n"
" other than the first one.\n"
"\n"
-" 5.18 I'm running Ethereal on Windows, and I'm not seeing any traffic\n"
+" 5.19 I'm running Ethereal on Windows, and I'm not seeing any traffic\n"
" being sent by the machine running Ethereal.\n"
"\n"
-" 5.19 I have an XXX network card on my machine; if I try to capture on\n"
+" 5.20 I'm trying to capture traffic but I'm not seeing any.\n"
+"\n"
+" 5.21 I have an XXX network card on my machine; if I try to capture on\n"
" it, my machine crashes or resets itself. \n"
"\n"
-" 5.20 My machine crashes or resets itself when I select \"Start\" from\n"
+" 5.22 My machine crashes or resets itself when I select \"Start\" from\n"
" the \"Capture\" menu or select \"Preferences\" from the \"Edit\" menu. \n"
"\n"
-" 5.21 Does Ethereal work on Windows ME? \n"
+" 5.23 Does Ethereal work on Windows ME? \n"
"\n"
-" 5.22 Does Ethereal work on Windows XP? \n"
+" 5.24 Does Ethereal work on Windows XP? \n"
"\n"
-" 5.23 Why doesn't Ethereal correctly identify RTP packets? It shows\n"
+" 5.25 Why doesn't Ethereal correctly identify RTP packets? It shows\n"
" them only as UDP.\n"
"\n"
-" 5.24 Why doesn't Ethereal show Yahoo Messenger packets in captures\n"
+" 5.26 Why doesn't Ethereal show Yahoo Messenger packets in captures\n"
" that contain Yahoo Messenger traffic?\n"
"\n"
-" 5.25 Why do I get the error \n"
+" 5.27 Why do I get the error \n"
"\n"
" Gdk-ERROR **: Palettized display (256-colour) mode not supported on\n"
" Windows.\n"
"\n"
" when I try to run Ethereal on Windows?\n"
"\n"
-" 5.26 When I capture on Windows in promiscuous mode, I can see packets\n"
+" 5.28 When I capture on Windows in promiscuous mode, I can see packets\n"
" other than those sent to or from my machine; however, those packets\n"
" show up with a \"Short Frame\" indication, unlike packets to or from my\n"
" machine. What should I do to arrange that I see those packets in their\n"
" entirety? \n"
"\n"
-" 5.27 How can I capture raw 802.11 packets, including non-data\n"
+" 5.29 How can I capture raw 802.11 packets, including non-data\n"
" (management, beacon) packets? \n"
"\n"
-" 5.28 How can I capture packets with CRC errors? \n"
+" 5.30 How can I capture packets with CRC errors? \n"
"\n"
-" 5.29 How can I capture entire frames, including the FCS? \n"
+" 5.31 How can I capture entire frames, including the FCS? \n"
"\n"
-" 5.30 Ethereal hangs after I stop a capture. \n"
+" 5.32 Ethereal hangs after I stop a capture. \n"
"\n"
-" 5.31 How can I search for, or filter, packets that have a particular\n"
+" 5.33 How can I search for, or filter, packets that have a particular\n"
" string anywhere in them? \n"
"\n"
" GENERAL QUESTIONS \n"
"\n"
" Q 1.2: What protocols are currently supported?\n"
"\n"
-" A: There are currently 366 supported protocols and media, listed\n"
+" A: There are currently 381 supported protocols and media, listed\n"
" below. Descriptions can be found in the ethereal(1) man page.\n"
"\n"
" 802.1q Virtual LAN\n"
" ATM OAM AAL\n"
" AVS WLAN Capture header\n"
" Ad hoc On-demand Distance Vector Routing Protocol\n"
-" Ad hoc On-demand Distance Vector Routing Protocol v6\n"
" Address Resolution Protocol\n"
" Aggregate Server Access Protocol\n"
+" Alert Standard Forum\n"
" Andrew File System (AFS)\n"
" Apache JServ Protocol v1.3\n"
" AppleTalk Filing Protocol\n"
" AppleTalk Session Protocol\n"
" AppleTalk Transaction Protocol packet\n"
" Appletalk Address Resolution Protocol\n"
+" Application Configuration Access Protocol\n"
" Async data over ISDN (V.120)\n"
" Authentication Header\n"
" BACnet Virtual Link Control\n"
-" Banyan Vines\n"
+" Banyan Vines ARP\n"
+" Banyan Vines Echo\n"
" Banyan Vines Fragmentation Protocol\n"
+" Banyan Vines ICP\n"
+" Banyan Vines IP\n"
+" Banyan Vines IPC\n"
+" Banyan Vines LLC\n"
+" Banyan Vines RTP\n"
" Banyan Vines SPP\n"
" Blocks Extensible Exchange Protocol\n"
" Boardwalk\n"
" IP Payload Compression\n"
" IPX Message\n"
" IPX Routing Information Protocol\n"
+" IPX WAN\n"
" ISDN\n"
" ISDN Q.921-User Adaptation Layer\n"
" ISDN User Part\n"
" ISO 8602 CLTP ConnectionLess Transport Protocol\n"
" ISO 9542 ESIS Routeing Information Exchange Protocol\n"
" ITU-T Recommendation H.261\n"
+" Intel ANS probe\n"
+" Intelligent Platform Management Interface\n"
" Inter-Access-Point Protocol\n"
" Interbase\n"
" Internet Cache Protocol\n"
" Java RMI\n"
" Java Serialization\n"
" Kerberos\n"
+" Kerberos Administration\n"
" Kernel Lock Manager\n"
" Label Distribution Protocol\n"
" Layer 2 Tunneling Protocol\n"
" Microsoft Registry\n"
" Microsoft Security Account Manager\n"
" Microsoft Server Service\n"
+" Microsoft Service Control\n"
" Microsoft Spool Subsystem\n"
" Microsoft Telephony API Service\n"
" Microsoft Windows Browser Protocol\n"
" MySQL Protocol\n"
" NFSACL\n"
" NFSAUTH\n"
+,
+
" NIS+\n"
" NIS+ Callback\n"
" NSPI\n"
" NetBIOS Session Service\n"
" NetBIOS over IPX\n"
" NetWare Core Protocol\n"
+" NetWare Link Services Protocol\n"
" Network Data Management Protocol\n"
" Network File System\n"
" Network Lock Manager Protocol\n"
" Network News Transfer Protocol\n"
" Network Status Monitor CallBack Protocol\n"
" Network Status Monitor Protocol\n"
-,
-
" Network Time Protocol\n"
" Novell Distributed Print System\n"
" Null/Loopback\n"
" Real-time Transport Control Protocol\n"
" Registry Server Attributes Manipulation Interface\n"
" Registry server administration operations.\n"
+" Remote Management Control Protocol\n"
" Remote Override interface\n"
" Remote Procedure Call\n"
" Remote Program Load\n"
" Zebra Protocol\n"
" Zone Information Protocol\n"
" iSCSI\n"
+" iSNS\n"
"\n"
" Q 1.3: Are there any plans to support {your favorite protocol}?\n"
"\n"
" Ethernet port on the modem, and the machine on which you're running\n"
" Ethereal into a hub (make sure it's not a switching hub, and that, if\n"
" it's a dual-speed hub, all three of those ports are running at the\n"
+,
+
" same speed.\n"
"\n"
" If your machine is not plugged into a switched network or a dual-speed\n"
" off in the \"Capture Options\" dialog box, and Tethereal will try to put\n"
" the interface on which it's capturing into promiscuous mode unless the\n"
" -p option was specified. However, some network interfaces don't\n"
-,
-
" support promiscuous mode, and some OSes might not allow interfaces to\n"
" be put into promiscuous mode.\n"
"\n"
" Similar problems may exist with older versions of GTK+ for earlier\n"
" versions of Solaris.\n"
"\n"
-" Q 5.11: I'm running Ethereal on Linux; why do my time stamps have only\n"
+" Q 5.11: When I try to run Ethereal, it complains about\n"
+" sprint_realloc_objid being undefined.\n"
+"\n"
+" A: Ethereal can only be linked with version 4.2.2 or later of UCD\n"
+" SNMP. Your version of Ethereal was dynamically linked with such a\n"
+" version of UCD SNMP; however, you have an older version of UCD SNMP\n"
+" installed, which means that when Ethereal is run, it tries to link to\n"
+" the older version, and fails. You will have to replace that version of\n"
+" UCD SNMP with version 4.2.2 or a later version.\n"
+"\n"
+" Q 5.12: I'm running Ethereal on Linux; why do my time stamps have only\n"
" 100ms resolution, rather than 1us resolution?\n"
"\n"
" A: Ethereal gets time stamps from libpcap/WinPcap, and libpcap/WinPcap\n"
" have to run a standard kernel from kernel.org in order to get\n"
" high-resolution time stamps.\n"
"\n"
-" Q 5.12: I'm capturing packets on {Windows 95, Windows 98, Windows Me};\n"
+" Q 5.13: I'm capturing packets on {Windows 95, Windows 98, Windows Me};\n"
" why are the time stamps on packets wrong? \n"
"\n"
" A: This is due to a bug in WinPcap. The bug should be fixed in WinPcap\n"
" 3.0.\n"
"\n"
-" Q 5.13: When I try to run Ethereal on Windows, it fails to run because\n"
+" Q 5.14: When I try to run Ethereal on Windows, it fails to run because\n"
" it can't find packet.dll.\n"
"\n"
" A: In older versions of Ethereal, there were two binary distributions\n"
" Web site, the local mirror of the WinPcap Web site, or the\n"
" Wiretapped.net mirror of the WinPcap site.\n"
"\n"
-" Q 5.14: I'm running on Windows; why does some network interface on my\n"
-" machine not show up in the list of interfaces in the \"Interface:\"\n"
-" field in the dialog box popped up by \"Capture->Start\", and/or why does\n"
-" Ethereal give me an error if I try to capture on that interface? \n"
+" Q 5.15: I'm running Ethereal on Windows; why does some network\n"
+" interface on my machine not show up in the list of interfaces in the\n"
+" \"Interface:\" field in the dialog box popped up by \"Capture->Start\",\n"
+" and/or why does Ethereal give me an error if I try to capture on that\n"
+" interface? \n"
"\n"
" A: If you are running Ethereal on Windows NT 4.0, Windows 2000,\n"
" Windows XP, or Windows Server, and this is the first time you have run\n"
" above, and also indicate that the problem occurs with WinDump, not\n"
" just with Ethereal.\n"
"\n"
-" Q 5.15: I'm running on a UNIX-flavored OS; why does some network\n"
+" Q 5.16: I'm running on a UNIX-flavored OS; why does some network\n"
" interface on my machine not show up in the list of interfaces in the\n"
" \"Interface:\" field in the dialog box popped up by \"Capture->Start\",\n"
" and/or why does Ethereal give me an error if I try to capture on that\n"
" interface? \n"
+,
+
"\n"
" A: You may need to run Ethereal from an account with sufficient\n"
" privileges to capture packets, such as the super-user account. Only\n"
" Ring interfaces; the current version, 0.7.2, does support Token Ring,\n"
" and the current version of Ethereal works with libcap 0.7.2 and later.\n"
"\n"
-,
-
" If an interface doesn't show up in the list of interfaces in the\n"
" \"Interface:\" field, and you know the name of the interface, try\n"
" entering that name in the \"Interface:\" field and capturing on that\n"
" above, and also indicate that the problem occurs with tcpdump not just\n"
" with Ethereal.\n"
"\n"
-" Q 5.16: I'm running Ethereal on Windows NT/2000/XP/Server; my machine\n"
+" Q 5.17: I'm running Ethereal on Windows NT/2000/XP/Server; my machine\n"
" has a PPP (dial-up POTS, ISDN, etc.) interface, and it shows up in the\n"
" \"Interface\" item in the \"Capture Options\" dialog box. Why can no\n"
" packets be sent on or received from that network while I'm trying to\n"
" Preferences\" dialog box, but this may mean that outgoing packets, or\n"
" incoming packets, won't be seen in the capture.\n"
"\n"
-" Q 5.17: I'm running Ethereal on Windows 95/98/Me, on a machine with\n"
+" Q 5.18: I'm running Ethereal on Windows 95/98/Me, on a machine with\n"
" more than one network adapter of the same type; Ethereal shows all of\n"
" those adapters with the same name, but I can't use any of those\n"
" adapters other than the first one.\n"
" capture only on the first such interface; Ethereal is a\n"
" libpcap/WinPcap-based application.\n"
"\n"
-" Q 5.18: I'm running Ethereal on Windows, and I'm not seeing any\n"
+" Q 5.19: I'm running Ethereal on Windows, and I'm not seeing any\n"
" traffic being sent by the machine running Ethereal.\n"
"\n"
" A: If you are running some form of VPN client software, it might be\n"
" outgoing packets; unfortunately, neither we nor the WinPcap developers\n"
" know any way to make WinPcap and the VPN software work well together.\n"
"\n"
-" Q 5.19: I have an XXX network card on my machine; if I try to capture\n"
+" Q 5.20: I'm trying to capture traffic but I'm not seeing any.\n"
+"\n"
+" A: Is the machine running Ethereal sending out any traffic on the\n"
+" network interface on which you're capturing, or receiving any traffic\n"
+" on that network, or is there any broadcast traffic on the network or\n"
+" multicast traffic to a multicast group to which the machine running\n"
+" Ethereal belongs?\n"
+"\n"
+" If not, this may just be a problem with promiscuous sniffing, either\n"
+" due to running on a switched network or a dual-speed hub, or due to\n"
+" problems with the interface not supporting promiscuous mode; see the\n"
+" response to this earlier question.\n"
+"\n"
+" Otherwise, on Windows, see the response to this question and, on a\n"
+" UNIX-flavored OS, see the response to this question.\n"
+"\n"
+" Q 5.21: I have an XXX network card on my machine; if I try to capture\n"
" on it, my machine crashes or resets itself. \n"
"\n"
" A: This is almost certainly a problem with one or more of:\n"
" Linux distribution, report the problem to whoever produces the\n"
" distribution).\n"
"\n"
-" Q 5.20: My machine crashes or resets itself when I select \"Start\" from\n"
+" Q 5.22: My machine crashes or resets itself when I select \"Start\" from\n"
" the \"Capture\" menu or select \"Preferences\" from the \"Edit\" menu. \n"
"\n"
" A: Both of those operations cause Ethereal to try to build a list of\n"
" or, for Windows, WinPcap bug that causes the system to crash when this\n"
" happens; see the previous question.\n"
"\n"
-" Q 5.21: Does Ethereal work on Windows ME? \n"
+" Q 5.23: Does Ethereal work on Windows ME? \n"
"\n"
" A: Yes, but if you want to capture packets, you will need to install\n"
" the latest version of WinPcap, as 2.02 and earlier versions of WinPcap\n"
" didn't support Windows ME. You should also install the latest version\n"
" of Ethereal as well.\n"
"\n"
-" Q 5.22: Does Ethereal work on Windows XP? \n"
+" Q 5.24: Does Ethereal work on Windows XP? \n"
"\n"
" A: Yes, but if you want to capture packets, you will need to install\n"
" the latest version of WinPcap, as 2.2 and earlier versions of WinPcap\n"
" didn't support Windows XP.\n"
"\n"
-" Q 5.23: Why doesn't Ethereal correctly identify RTP packets? It shows\n"
+" Q 5.25: Why doesn't Ethereal correctly identify RTP packets? It shows\n"
" them only as UDP.\n"
"\n"
" A: Ethereal can identify a UDP datagram as containing a packet of a\n"
" both the source and destination ports of the packet should be\n"
" dissected as some particular protocol.\n"
"\n"
-" Q 5.24: Why doesn't Ethereal show Yahoo Messenger packets in captures\n"
+" Q 5.26: Why doesn't Ethereal show Yahoo Messenger packets in captures\n"
" that contain Yahoo Messenger traffic?\n"
"\n"
" A: Ethereal only recognizes as Yahoo Messenger traffic packets to or\n"
" Messenger packets (even if the TCP segment also contains the beginning\n"
" of another Yahoo Messenger packet).\n"
"\n"
-" Q 5.25: Why do I get the error \n"
+" Q 5.27: Why do I get the error \n"
"\n"
" Gdk-ERROR **: Palettized display (256-colour) mode not supported on\n"
" Windows.\n"
" to a display mode with more colors; if it doesn't support more than\n"
" 256 colors, you will be unable to run Ethereal.\n"
"\n"
-" Q 5.26: When I capture on Windows in promiscuous mode, I can see\n"
+" Q 5.28: When I capture on Windows in promiscuous mode, I can see\n"
" packets other than those sent to or from my machine; however, those\n"
" packets show up with a \"Short Frame\" indication, unlike packets to or\n"
" from my machine. What should I do to arrange that I see those packets\n"
" running on the network interface on which you're capturing; turn it\n"
" off on that interface.\n"
"\n"
-" Q 5.27: How can I capture raw 802.11 packets, including non-data\n"
+" Q 5.29: How can I capture raw 802.11 packets, including non-data\n"
" (management, beacon) packets? \n"
"\n"
" A: That would require that your 802.11 interface run in the mode\n"
" On platforms that don't allow Ethereal to capture raw 802.11 packets,\n"
" the 802.11 network will appear like an Ethernet to Ethereal.\n"
"\n"
-" Q 5.28: How can I capture packets with CRC errors? \n"
+" Q 5.30: How can I capture packets with CRC errors? \n"
"\n"
" A: Ethereal can capture only the packets that the packet capture\n"
" library - libpcap on UNIX-flavored OSes, and the WinPcap port to\n"
" libpcap and the packet capture program you're using are necessary to\n"
" support capturing those packets.\n"
"\n"
-" Q 5.29: How can I capture entire frames, including the FCS? \n"
+" Q 5.31: How can I capture entire frames, including the FCS? \n"
"\n"
" A: Ethereal can't capture any data that the packet capture library -\n"
" libpcap on UNIX-flavored OSes, and the WinPcap port to Windows of\n"
" FCS of a frame as part of the frame, or can be configured to supply\n"
" the FCS of a frame as part of the frame, Ethereal - and other programs\n"
" that capture raw packets, such as tcpdump - cannot capture the FCS of\n"
+,
+
" a frame. You will have to determine whether your OS can be so\n"
" configured, configure it if possible, and make whatever changes to\n"
" libpcap and the packet capture program you're using are necessary to\n"
" not support capturing the FCS of a frame on Ethernet, and probably do\n"
" not support it on most other link-layer types.\n"
"\n"
-" Q 5.30: Ethereal hangs after I stop a capture. \n"
+" Q 5.32: Ethereal hangs after I stop a capture. \n"
"\n"
" A: The most likely reason for this is that Ethereal is trying to look\n"
" up an IP address in the capture to convert it to a name (so that, for\n"
"\n"
" If Ethereal hangs when reading a capture even with network name\n"
" resolution turned off, there might, for example, be a bug in one of\n"
-,
-
" Ethereal's dissectors for a protocol causing it to loop infinitely.\n"
" The bug should be reported to the Ethereal developers' mailing list at\n"
" ethereal-dev@ethereal.com.\n"
" contains sensitive information (e.g., passwords), then please do not\n"
" send it.\n"
"\n"
-" Q 5.31: How can I search for, or filter, packets that have a\n"
+" Q 5.33: How can I search for, or filter, packets that have a\n"
" particular string anywhere in them? \n"
"\n"
" A: Currently, you can't.\n"
" list. \n"
" For corrections/additions/suggestions for this page, please send email\n"
" to: ethereal-web[AT]ethereal.com\n"
-" Last modified: Thu, April 10 2003.\n"
+" Last modified: Sun, May 25 2003.\n"
};
#define FAQ_PARTS 5
-#define FAQ_SIZE 75375
+#define FAQ_SIZE 77302
git.samba.org / obnox / wireshark / wip.git / commitdiff