I cant get ethereal to capture packets when look n stop is running (using enhanced rules set).If look n stop is running i get this error (see attachment).Any ideas? me
Hey ellison64 I was hoping a Look ‘n’ Stop customer who uses Ethereal will came forth and assist. Obviously not so I downloaded WinPcap v3.01a and Installed it on my Windows XP Pro, and then I downloaded Ethereal v0.9.16 and Installed it and re-booted my machine. Afterwards I executed Ethereal and when to “Capture” in the Menu and click “Start…” and so forth and had no problems. You may need to give further details like Operating System, Connection Type, version of Look ‘n’ Stop… Regards,
Hi phantom.Thanks for reply. Im using w98se.Ethereal is latest release also winpcap latest release.Look n stop is latest version.I also can click capture then start.But when i click ok to finish the capture i get the error message.Sorry i didnt give more details earlier.Im using enhanced rules and ethereal is allowed .I also use naviscope as a proxy.Dont get any problems using BI or outpost only look n stop. me
Hey ellison64 - You using Dial-up? xDSL? Cable+? - You using Look ‘n’ Stop Personal Firewall (PRO) v2.04p2? - You using Look ‘n’ Stop newest Application Filtering Driver? - You have other Software Firewalls Installed along with Look ‘n’ Stop? When you say you using newest WinPcap, that would be WinPcap v3.01a correct? When you say you using newest Ethereal, that would be Ethereal v0.9.16?
On dial up (56k).Winpcap 3.01 a.Ethereal version 0.9.15c ( i see version 16 releasd on 3rd)Look n stop version 2.04 (30 day trial period).Dont know about the latest application filter drivers.Update says theres no update.I have BI running all the time.Outpost installed but not active on windows startup.I launch it when needed through netlaunch. me
Hey ellison64 You don’t need the Software Firewalls GUI running to conflict; Software Firewalls uses drivers that are loaded up on Windows boot-up. You can tell what Look ‘n’ Stop version you using when viewing Look ‘n’ Stop’s Welcome screen, shown for "Version:". And newest Application Filtering driver info is available at http://www.wilderssecurity.info/Updates.shtml. - For “Capture interface” what is shown selected and what all is available to choose from?
The look n stop version is 2.04 (24 november 2002).Updater says i have the most recent version.Ill check the latest driver out later and download though.The capture interface says... ppp adaptor PPMAC when running WITHOUT look n stop or running WITH outpost or blackice.When i run look n stop the interface changes and says...UNKNOWNPPMAC Seems to be a conflict somewhere. me
Actually Look ‘n’ Stop v2.04p2 is the latest version, download available at http://www.wilderssecurity.info. - For “Capture interface” what is shown selected and what all is available in the drop-list?
Dont know why i cant update.The latest drivers are only for w2k and xp.Theres nothing else in capture dropdowns except whats showing on thes two pics.One when look n stop is running.One without look n stop runnin (ethereal works here)
Yea I apologize the Application Filtering Driver is for Win2K/XP Only. Look ‘n’ Stop Updates through its Updater only available for official releases. Look ‘n’ Stop v2.04p2 is though the newest and further info is available at http://www.wilderssecurity.info/App-Updates.shtml. Try enabling "Capture packets in promiscuous mode"
Promiscuous mode doesnt work.With look n stop running ..ethereal seems to have trouble detecting the ppp adaptor (hence the "unknown" dialouge).Maybe a w98 or conflict just on my pc. me
Hey ellison64 How Ethereal is built to get list of Interfaces its little buggy obviously, when Look ‘n’ Stop GUI is running it sees Look ‘n’ Stop Emulated driver instead of your actual PPP Adapter. I would suggest trying out the newest version of Ethereal and if the problem still persists try specifying the accurate interface name for "Capture Interface:", replace "Unknown: PPPMAC" with "PPP Adapter.: PPPMAC".
Well ive tried the later version of look n stop ,(p2 version),but still the same.Also typing in the correct adaptor doesnt work.Its not a huge problem as i can shutdown look n stop when i want to use ethereal.Just a nuiscance really.I have a feeling its more of a local conflict with my pc/progs than a look n stop bug so i ll live with it.tHnaks for help tho. me
Hey ellison64 Firstly; you should not have to shutdown a Software Firewall. Secondly; I don’t consider it a Look ‘n’ Stop bug, and I never indicated it being one. Its Ethereal bug, the way it gets the interfaces list happens to be buggy when using Software Firewalls like Look ‘n’ Stop that uses Emulated drivers. So you downloaded newest version of Ethereal and installed it and tried replacing name in "Capture Interface:" to - PPP Adapter.: PPPMAC Try just - PPPMAC
In addition; I E-mailed the Ethereal product author shortly after posting my yesterday’s latest thread, waiting to receive a third response tomorrow.
I dont mind shutting down look n stop to use ethereal as i use BI along side it (a good reason in my opinion to sometimes use 2 firewalls if they get along together of course).It doesnt matter what i type in , i still get the same result.Maybe its a w98 thing if it works ok for your xp. me
Actually even though the conflicts may not be noticeable, they do exist. Anyways I did receive response incredibly sooner then I thought; > - Ethereal 0.9.15c (as mentioned aboved) > - Microsoft Windows 98 Second Edition > - Dial-up (56k) > - WinPcap v3.01a Well, the last two won't necessarily work together: http://winpcap.polito.it/misc/changelog.htm "Version 3.0 beta, 10 feb 03 ... o NdisWan support: o due to the large number of messages reporting problems (blue screens) with VPNs, PPTP and such connections, we have disabled the support for NdisWan adapters. As a consequence, it is not possible to capture from PPP (neither NdisWanIp, nor NdisWanBh, nor NdisWanBfIn/Out...). At the moment we have no plans to fix the problem with VPNs, PPTP, PPP unless we get a generous sponsorship." You should go d/l WinPcap v3.0 beta. In the meantime it looks like I got another product vendor I need to contact on behalf of your situation…
In addition; I don't believe that any change to Ethereal whatsoever will fix this problem, as it's almost certainly a WinPcap issue. Ethereal does not include any code to get network interfaces to capture packets; it relies on libpcap/WinPcap, and the OS facilities it uses, to do that. I suspect that if they tried using WinDump they'd see similar problems, which would mean that it's a WinPcap issue. Have you tried using WinDump yet?
Thanks for all the work put in on my behalf , much appreciated. Ive tried many different versions of winpcap including the 3 beta and i still get the same error.Look n stop must somehow work differently to outpost and blackice (on a w98 system)as these can work with ethereal ok.Ive also used sygate in the past and that works ok too.Maybe i should upgrade to w2k or xp but i must admit i like 98 for all its faults. me
Hey ellison64 I’m not done yet, I just e-mailed WinPcap author tis morning… Have you tried WinDump, http://windump.polito.it/ Does it have a problem too?
I havent tried windump because i cant find where to download it to try.The links at that page all go to winpcap?. me
thanks for link...just downloaded and it works fine when look n stop is not running.Wont work at all with look n stop running though.It just brings the dos box up and disappears straight away. me
