 Post subject: A note on using Wireshark captures under Windows Vista
PostPosted: Mon Jan 05, 2009 11:23 pm 
Joined: Mon Jan 05, 2009 9:22 pm
Posts: 20
Let me begin by stating I'm new to GNS3 and love it, hence my wanting to contribute, but with a warning that I know enough to be dangerous.

I use Windows Vista Ultimate. Latest Wireshark 1.0.3 and PCAP 4.0.2. My machine has two duo-core processors with 8Gb of ram.

When I went to capture on an interface in GNS3, I'd get the error: "The npf driver isn't running. you may have trouble capturing or listing interfaces"

Go here and read this. http://wiki.wireshark.org/CaptureSetup

Because I am in total control/ownership of my server, I chose option #3 (to edit the registry in regedit, and chose value "02"). This corrected the error I was seeing. However, I was also confused that I didn't see any capture in the open Wireshark application. In fact, it wasn't even running according to the application, i.e. you can't choose an interface and start the application like in normal use.

You need to look in the "capture" folder which you specify under the Edit->Preferences->Capture tabs. You'll find the .pcap file there with the capture you created. Also note: closing Wireshark doesn't stop the capture; use the right-click interface 'stop capture' to halt the packet capture.

Hope this information helps.

-Sean




 Post subject: Re: A note on using Wireshark captures under Windows Vista
PostPosted: Tue Jan 06, 2009 9:27 am 
Joined: Mon Oct 13, 2008 11:26 am
Posts: 817
Location: Finland
Hi, thanks for your post.

Quote:
However, I was also confused that I didn't see any capture in the open Wireshark application. In fact, it wasn't even running according to the application, i.e. you can't choose an interface and start the application like in normal use.

You need to look in the "capture" folder which you specify under the Edit->Preferences->Capture tabs. You'll find the .pcap file there with the capture you created. Also note: closing Wireshark doesn't stop the capture; use the right-click interface 'stop capture' to halt the packet capture.


GNS3 capture works a little differently from the way Wireshark capture usually works. As you wrote, it's not a "real time" capture. It opens a specific capture file. But you don't need to look in the "capture" folder.

GNS3 automatically opens this specific capture file in Wireshark. However, there may be nothing in this file when Wireshark starts. You can reload the file in Wireshark from the menu View | Reload or by pressing CTRL + R.

So after you have generated traffic, you can press CTRL + R and then you can see the captured traffic in Wireshark.



_________________
Br,
Kaage
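
The reload behaviour described in the reply above, as an added example that is not part of either post and is not GNS3 or Wireshark code: a reader that counts the complete packets in a snapshot of a capture file that is still being written. It assumes the .pcap file uses the classic libpcap format; `count_complete_packets` and `build_sample` are hypothetical names, and the sample bytes are constructed.

```python
import struct

# Classic libpcap magic numbers (microsecond and nanosecond timestamps).
MAGICS = {0xA1B2C3D4, 0xA1B23C4D}
GLOBAL_HDR, RECORD_HDR = 24, 16


def count_complete_packets(data: bytes):
    """Return (packets, state) for one snapshot of a possibly growing file."""
    if len(data) < GLOBAL_HDR:
        return 0, "no-header-yet"        # what a reader sees before any write
    endian = None
    for candidate in ("<", ">"):
        if struct.unpack(candidate + "I", data[:4])[0] in MAGICS:
            endian = candidate
            break
    if endian is None:
        return 0, "not-pcap"
    offset, packets = GLOBAL_HDR, 0
    while offset + RECORD_HDR <= len(data):
        _sec, _frac, incl_len, _orig_len = struct.unpack(
            endian + "IIII", data[offset:offset + RECORD_HDR])
        if offset + RECORD_HDR + incl_len > len(data):
            return packets, "partial-record"   # writer is mid-packet
        offset += RECORD_HDR + incl_len
        packets += 1
    return packets, "complete" if offset == len(data) else "partial-record"


def build_sample(n_packets: int) -> bytes:
    """Constructed sample: n all-zero 60-byte frames, link type 1 (Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i in range(n_packets):
        frame = bytes(60)
        out += struct.pack("<IIII", 1231197780 + i, 0, len(frame), len(frame))
        out += frame
    return out


if __name__ == "__main__":
    full = build_sample(3)
    snapshots = [("at open", full[:0]), ("header only", full[:24]),
                 ("mid-write", full[:130]), ("after reload", full)]
    for label, snap in snapshots:
        print(f"{label:13s} {count_complete_packets(snap)}")
```

Each snapshot stands in for one read of the file: a reader that opened it early sees zero packets until it reads the file again.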