I installed Ethereal 0.10.13 with WinPcap 3.1 on my w2k_sp4. During the install I had killed or disabled various security apps. Post-install I rebooted and turned everything back on in orderly fashion and started Ethereal. It did a few bumps with Kerio 2.1.5 but I worked past those, and then started an Ethereal capture and *pooof* black screen, shutdown, reboot. After reboot I closed various security stuff and slowly started one, ran Ethereal OK, started another, OK, so I was able to narrow the culprit down to... ProcessGuard 3.150. I've tried various settings in PG and Ethereal always crashes w2k with PG running. Turn off PG and Ethereal is OK. Curious, as I have run prior versions of Ethereal with PG in the past with no problem, so something is new and different (apparently) in the current version of Ethereal. Any ideas how to tweak this combo other than disabling PG? I disabled PG when I installed Ethereal. Side note: I also installed Sun Java JRE 1.5.0.06 today, but no evidence that Java is causing any problems.
Hi poogimmal. Does PG enter anything in the log files saying it has blocked something (driver install, memory access, etc.)?
Not that I see. Pasting a last entry which shows Ethereal starting; it starts OK, the crash only comes when I initiate a capture (some sort of WinPcap conflict??)
[EXECUTION] "c:\program files\ethereal\ethereal.exe" was allowed to run
[EXECUTION] Started by "c:\winnt\explorer.exe" [268]
[EXECUTION] Commandline - [ "c:\program files\ethereal\ethereal.exe" ]
Earlier I put Ethereal into protection and told PG to allow it to install drivers, hooks... I am baffled, as I have not had any problems with PG since v3xxx came out.
poogimmal, what version of PG are you using? Is it the current production version 3.150 or the newer beta version? The reason I ask is because several people have reported issues with the beta, so if you are using the new one you should see if you can reproduce it with 3.150...
I have XP Pro and have used Ethereal (0.10.13 and earlier versions + WinPcap 3.1) with the current production release of PG (3.150 registered version), with and without Kerio 4.x, to capture without any problems at all. I know that this doesn't help you resolve your specific problem, but at least you know that it does work with PG on XP, so it might be a w2k+PG issue. I don't have PG (or Kerio) on this machine at the moment and I can't remember having to give Ethereal any special permissions.
Doing a "Capture, Start" on this machine causes ethereal.exe to execute a second program, so the conflict could be something happening with that.
Code:
ethereal-capture -i \device\npf_{ae35eb70-b087-40e4-98fb-9b5392677abc} -b 1 -m "-*-lucida console-medium-r-*-*-*-100-*-*-*-*-*-*" -z sync:65 -z signal:66
You could try and see if "Capture, Interfaces" works for you and shows the interface list and the packet counts going through. That dialog would probably be making use of the WinPcap interface in a more limited way and could show if it is working. If that works, try clicking on Prepare for the real interface and perform a really basic capture: untick "Capture packets in promiscuous mode", untick all the Name Resolution boxes and untick "Update list of packets in real time", then click on Start (to execute ethereal-capture) and see what happens.
It will probably need someone from DCS to actually try it out on their side of things and see if they can reproduce it. This sounds like something that would probably be worth reporting via the contact page or by email to support@diamondcs.com.au. If you got a dump after the crash, then there is some after-the-fact information that you could send to DCS for them to look at.