[Winpcap-users] FW: run winpcap in windows xp like snoop inSolaris
Guy Harris
guy at alum.mit.edu
Sat Jul 9 17:12:40 GMT 2005
{Team Netcount} wrote:
> You are (as it looks) sniffing the wrong device (PPP-ADSL <=> Ndiswan)
> You probably want to sniff your local Ethernet card. You should type
> "windump -D" to check on your device name and then use it in the -i option.
> E.g.
> "C:\>windump -D"
> 1.\Device\NPF_GenericNdisWanAdapter (Generic NdisWan adapter)
> 2.\Device\NPF_{05CB2CF5-DED1-4C27-8C83-DA5776C2A2BD} (NETGEAR PA101 USB
> Phoneline10X Adapter (Microsoft's Packet Scheduler) )
> 3.\Device\NPF_{F98A41B8-7C97-49FC-A919-72137C84F7D0} (VIA Rhine II Fast
> Ethernet Adapter (Microsoft's Packet Scheduler) )
> and then
> "C:\windump -i \Device\NPF_{F98A41B8-7C97-49FC-A919-72137C84F7D0}"
Or just
windump -i 3
The numbers in front of the device names in the "windump -D" output can
be used as arguments to "-i", because the names are really ugly strings
(I think the strings in {} are GUIDs for the devices).
The same is true of Tethereal.
More information about the Winpcap-users
mailing list