did i install the wrong program? - winpcap

Discussion in 'other software & services' started by iceni60, Dec 8, 2004.

Thread Status:
Not open for further replies.
  1. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    i want to caputure packets, i installed smart sniff and winpcap. when i go to the winpcap folder i dont see it, ive open rpcapd is that winpcap? if so what are the commands so i can safely caputure packets when i use it with smart sniff? thanks. :)
     

    Attached Files:

  2. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    Hi iceni60,

    WinPcap is a driver, not an application. If it is installed, you should see an entry in Add or Remove Programs. If Smart Sniff captures packets, then WinPcap is installed and working.

    Nick
     
  3. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    so it should be installed? but when i go to caputure packets with smart sniff and i pick the winpcap option it doesnt seem to work i pick the winpcap option, press enter, but, then the same screen appears again, asking if i want to use raw packets or winpcap, i pick the winpcap option, and the same screen appears again.

    it is in add/remove programs, but, i cant remember how i checked, but the driver doesnt appear when i looked to see if its installed, i think i somehow need to install the driver
     

    Attached Files:

  4. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    i just realised that i have process guard installed to block driver installs, however, given the choice i would have allowed the driver install. chould that be the problem? if so, should i reinstall? i really want to learn about networks etc. thanks
     
    Last edited: Dec 8, 2004
  5. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    Your capture options should look something like this. I don't see a network adapter in yours. What kind of connection do you have?

    Nick
     

    Attached Files:

  6. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    Disable PG long enough to reinstall WinPcap.

    Nick
     
  7. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    this is my connexion, please let me know if ive left something personal in it. thanks
     

    Attached Files:

  8. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    thank you, Nick. i'll disable global hooks and driver installs. is that the right thing to do? or should i just unenable it all? how does the connexion look to you ? is it OK?
     
  9. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    Looks good. Did you install WinPcap 3.0 or 3.1 beta 4? 3.1 supports PPP where I think 3.0 does not.

    Nick
     
  10. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    Disabling just driver installs will work.

    Nick
     
  11. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    i installed 3.0, so i'll have to uninstall 3.0, than install 3.1 beta 4, is that the smae as 3.1?

    i'll just disable the driver then, thanks again nick :cool:
     
  12. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    You will have to uninstall 3.0, reboot, and install 3.1 beta 4 (disable block driver installation in PG).

    Nick
     
  13. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    you are brilliant nick, i dont know what id do without you :D :cool: :D thanks for all the times you've helped me. im going to have something to eat then i'll do it. again thanks for your time.
    one last thing, ive done abit of reading, and if i just capture packets from my machine i wont be causing any trouble for anyone else will i, i dont want to get into trouble :( it just captures my requests right
     
  14. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    On some networks and ISPs I believe it is against the terms of service agreement. As a home user, I doubt very much that you will get into trouble.

    Nick
     
  15. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    ok then i'll give it a go :cool:
     
  16. GlobalForce

    GlobalForce Regular Poster

    Joined:
    Jun 30, 2004
    Posts:
    3,581
    Location:
    Garden State, USA
    I've been looking into this myself Nick, and appreciate the input.

    A question if I may....reading through some of the FAQ's and notes at the Ethereal site, it looks like the mention on the Pcap goes ver3.0. Now I looked into Snort also and their ver for Pcap suggests the one you commented on, ver3.1 beta 4. I would think (need more time there) the latter would be compatible with the latest Ethereal ver0.10.7.
    Plus I briefly recall the PPP support from their site you noted in post nine. ;)

    If you could comment one way or another, that would be super! :cool:
    I know from previous threads you run Ethereal....


    Thanks,
    GF
     
    Last edited: Dec 8, 2004
  17. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    Hi GlobalForce,

    I am running WinPcap 3.1 beta 4 with the latest Ethereal without any problem. For me, all the 3.1 betas have worked well with Ethereal.

    Nick
     
  18. GlobalForce

    GlobalForce Regular Poster

    Joined:
    Jun 30, 2004
    Posts:
    3,581
    Location:
    Garden State, USA
    Mucho thanks Nick.[​IMG]
    From many threads I've always picked up something productive from you. Enjoy having you "On The Boards!"

    Best Regards,
    GF ;)
     
  19. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    hello, i just uninstall 3.0, rebooted and installed 3.1 beta 4. it appears in the add/remove programs, but when i open smart sniff i get the screenshot below, which does look to be an improvment from before as some infomation appears in the box. but, when i click the winpcap option, then OK, the same box reappears. do i need to go to the winpcap folder and run a command to get the driver to work as this is the first time ive used it. i did disable driver installs in PG. any help would be great, as im desparate to get it to work now. thanks
     

    Attached Files:

    Last edited: Dec 8, 2004
  20. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    Hi iceni60,

    You have to select an adapter. Use the one with your IP. No need to do anything in the WinPcap folder. Remember to not post your IP.

    Nick
     
  21. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    yea, i just editted the address and changed my online address thanks. i picked the one with the adapter and the green arrow went off and a red box appeared. is that it? i'll give it ago now and see what happens.
     
  22. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    Should be working now. Smart Sniff does not have live packet capture. You have to stop the capture (with the red box) to see the results. Ethereal can do live scrolling capture.

    Nick
     
  23. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    when i picked *stop capture* the red box disappeared and the screen filled with infomation, it looks like it has worked. does that sound right to you? i can't thank you enough. i really appreciate your walking me through all the steps.
    i want to learn about all these things so much and it looks like im on my way to the beginnings of packet sniffing :cool: THANKS Nick cookies for you :cool: :cool: :cool:
     
  24. GlobalForce

    GlobalForce Regular Poster

    Joined:
    Jun 30, 2004
    Posts:
    3,581
    Location:
    Garden State, USA
    I will be joining you in the sniff-fest by the weekend ICE. :D
    Thanks again Nick. :cool:

    GF
     
  25. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    one last thing, just so im 100% sure - i should select the one next to my IP address - the wan (PPP/Silp) interface?
     
Loading...
Thread Status:
Not open for further replies.