
Mailing List Archive: Ethereal: users

What level does Ethereal capture packets?

 

 



dave964 at hotmail

Jun 20, 2006, 3:19 AM

Post #1 of 3 (629 views)
What level does Ethereal capture packets?

Hi, I am currently using Ethereal to capture packets when my (Windows) laptop is connected to my mobile phone. I had to install driver s/w before the phone could communicate with the laptop (over USB). My question is: when Ethereal captures the packets, where is it capturing them? Below the phone driver (e.g. between the driver and the USB port) or above the driver s/w?
Dave



ulf.lamping at web

Jul 27, 2006, 5:27 PM

Post #2 of 3 (620 views)
Re: What level does Ethereal capture packets?

David Kitcher wrote:
> Hi,
> I am currently using Ethereal to capture packets when my (windows)
> laptop is connected to my mobile phone. I had to install driver s/w
> before the phone could communicate with the laptop (over USB). My
> question is : when Ethereal captures the packets, where is it
> capturing them? Below the phone driver (e.g. between the driver and
> the USB port) or above the driver s/w?
>
This is really a WinPcap question, you may ask that team about it.

What I would guess is that WinPcap is capturing "high above" the USB
driver, at the NDIS network level.

Regards, ULFL
_______________________________________________
Ethereal-users mailing list
Ethereal-users [at] ethereal
http://www.ethereal.com/mailman/listinfo/ethereal-users


guy at alum

Jul 27, 2006, 6:31 PM

Post #3 of 3 (611 views)
Re: What level does Ethereal capture packets?

On Jul 27, 2006, at 5:27 PM, Ulf Lamping wrote:

> What I would guess is that WinPcap is capturing "high above" the
> USB driver, at the NDIS network level.

Yes. It includes an NDIS transport layer driver. However, if the
mobile phone looks like a modem on a serial port, it's probably using
the Network Monitor driver rather than the WinPcap driver (at least
if the laptop is running NT/W2K/WP), which is still above the USB
driver.

