
Mac Forum / General / Hardware / December 2006




Ethereal

hp - 08 Dec 2006 20:03 GMT
Anyone currently using Ethereal on MBP?  If so, where did you get it?  If  
not, is there something else out there that does the same thing (that's  
also free :) that works on MBP?

Also, if you're currently using it, will it "sniff" win or linux running  
in a VM??  Or will it run on a VM??

Thanks,
Harry

Signature

Using PCs forever but UPS has my MBP on the way.

Tom Stiller - 08 Dec 2006 20:44 GMT
> Anyone currently using Ethereal on MBP?  If so, where did you get it?  If  
> not, is there something else out there that does the same thing (that's  
> also free :) that works on MBP?
>
> Also, if you're currently using it, will it "sniff" win or linux running  
> in a VM??  Or will it run on a VM??

I'm not using a MBP, but I compiled the version I use from sources
obtained via Fink.  A clean compile in the target environment should
produce an operational version.

I can't say for certain but since Ethereal is sniffing at the interface
to the real hardware, I suspect it'll get 'em all.

Signature

Tom Stiller

PGP fingerprint =  5108 DDB2 9761 EDE5 E7E3
                  7BDA 71ED 6496 99C0 C7CF

D P Schreber - 08 Dec 2006 22:56 GMT
> Anyone currently using Ethereal on MBP?  If so, where did you get it?  If  
> not, is there something else out there that does the same thing (that's  
> also free :) that works on MBP?

You can do the same thing without the nice gui with tcpdump, which is
already installed on your Mac.

> Also, if you're currently using it, will it "sniff" win or linux running  
> in a VM??

The packets are ultimately going through the same interface either way,
and what you're watching with these tools is the interface.

hp - 28 Dec 2006 06:05 GMT
> Anyone currently using Ethereal on MBP?  If so, where did you get it?  
> If not, is there something else out there that does the same thing  
> (that's also free :) that works on MBP?
>
> Also, if you're currently using it, will it "sniff" win or linux running  
> in a VM??  Or will it run on a VM??

Thanks for the responses.  I received the MBP and downloaded Ethereal from  
Fink and it installed without problems but doesn't run.  When I use Ctl-K  
and try to select the interface to monitor, the dropdown menu only has  
PPP, en0, en1, etc.  In windoze, I'm used to seeing the actual h/w (i.e.,  
3Com blah, blah) in the dropdown but I go ahead and select ppp (I'm trying  
to monitor the dialup connection) and when I ok that, I get an error  
saying I haven't selected an interface.

I haven't had a chance to try tcpdump yet but I would imagine it should  
work if it's supplied with the MBP.

More testing to follow when I have the time.

thanks again,

Harry

Tom Stiller - 28 Dec 2006 11:58 GMT
> > Anyone currently using Ethereal on MBP?  If so, where did you get it?  
> > If not, is there something else out there that does the same thing  
[quoted text clipped - 15 lines]
>
> More testing to follow when I have the time.

You are starting Ethereal as root or with sudo, right?

Signature

Tom Stiller

PGP fingerprint =  5108 DDB2 9761 EDE5 E7E3
                  7BDA 71ED 6496 99C0 C7CF

D P Schreber - 28 Dec 2006 12:08 GMT
>> I haven't had a chance to try tcpdump yet but I would imagine it should  
>> work if it's supplied with the MBP.
>>
>> More testing to follow when I have the time.
>
> You are starting Ethereal as root or with sudo, right?

Likewise with tcpdump (which is installed on a standard MBP) -- you must
run with sudo.  I don't know for sure what the interface name would be
for a ppp connection, and since MBPs don't have a phone jack I have no
way to try it out.  You're using a usb modem?  In any case, to find the
interface name, run ifconfig.  Most likely it will be ppp0, but hard to
say for sure.

David Empson - 28 Dec 2006 12:44 GMT
> > Anyone currently using Ethereal on MBP?  If so, where did you get it?
> > If not, is there something else out there that does the same thing
[quoted text clipped - 8 lines]
> windoze, I'm used to seeing the actual h/w (i.e., 3Com blah, blah) in the
> dropdown

Pretty standard for a BSD Unix system (and probably other Unix/Linux
variants). Most generic tools like Ethereal or tcpdump only know the
internal name of the network interface, which is generally in the form
of a two or three letter interface type followed by a sequence number,
e.g. "fw0" is the first Firewire interface, "en0" is the first Ethernet
interface, "en1" is the second one, etc. The usual pattern is that en0
is the built-in Ethernet, and en1 is Airport.

Some native Mac tools are able to use higher level information to
produce human-readable descriptions for each interface, e.g. System
Preferences only shows the human-readable name of the port and hides the
internal name. Network Utility shows the internal name and gives some
additional clues in some cases (e.g. identifying en1 as a "Wireless
Network Adapter").

> but I go ahead and select ppp (I'm trying to monitor the dialup
> connection) and when I ok that, I get an error saying I haven't selected
> an interface.

My recollection is that a dial-up connection using the Internal Modem on
my PowerBook G4 results in a "ppp0" network interface appearing after
the PPP connection is established. An external USB modem should behave
similarly.

You won't be able to access the interface with Ethereal unless you
establish the PPP connection before Ethereal is launched. (The same
would apply if you were using tcpdump.)

The other obvious problem is that doing low-level access to a network
interface (including monitoring traffic through that interface) is a
privileged operation, and a normal user is not allowed to do this.

In order to use a tool like Ethereal or tcpdump, you have to run it with
root privileges, or it will not be able to access the network interface.

For tcpdump, the easiest option (assuming you are running as a user with
admin privileges) is to run it with the 'sudo' command, e.g.

sudo tcpdump -i ppp0

It will ask for your password.

If you try to use it without the sudo command, it will say something
like this:

tcpdump: (no devices found) /dev/bpf0: Permission denied

(bpf0 is the first "Berkeley Packet Filter" device, which is used for
monitoring traffic on network interfaces. Using bpfN requires root
privileges.)

For Ethereal, the same problem will apply. I expect you can run Ethereal
via sudo (or using a similar technique).

> I haven't had a chance to try tcpdump yet but I would imagine it should
> work if it's supplied with the MBP.

I expect so. Again, you won't be able to monitor ppp0 until it actually
exists (after the connection is established).

Signature

David Empson
dempson@actrix.gen.nz
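
The two preconditions described in the post above (the ppp0 interface exists only once the connection is up, and the BPF device must be readable, which normally means root) can be checked before starting a capture. This is an added shell example, not part of the original thread; the function names are hypothetical, and `ifconfig -l` and `/dev/bpf0` are the macOS/BSD forms.

```shell
#!/bin/sh
# Added example: preflight checks before capturing on a PPP interface.
# Function names are hypothetical; nothing here comes from the thread itself.

# iface_present NAME "LIST"
# Succeeds if NAME is one of the space-separated interface names in LIST.
iface_present() {
    for n in $2; do
        if [ "$n" = "$1" ]; then
            return 0
        fi
    done
    return 1
}

# capture_preflight IFACE "IFLIST" BPF_DEVICE
# Return codes: 0 = ready, 1 = interface missing, 2 = BPF device not readable
# (a missing device node is reported the same way as an unreadable one).
capture_preflight() {
    iface=$1
    iflist=$2
    bpf=$3
    if ! iface_present "$iface" "$iflist"; then
        echo "$iface does not exist yet: establish the connection first"
        return 1
    fi
    if [ ! -r "$bpf" ]; then
        echo "cannot read $bpf: run the capture tool via sudo"
        return 2
    fi
    echo "ready: sudo tcpdump -i $iface"
    return 0
}

# live_preflight IFACE
# Runs the checks against the real system (macOS/BSD: 'ifconfig -l' prints
# the interface names on one line; /dev/bpf0 is the first BPF device).
live_preflight() {
    capture_preflight "$1" "$(ifconfig -l 2>/dev/null)" /dev/bpf0
}
```

Call `live_preflight ppp0` after dialing; a result of 1 means the PPP link is not up yet, and 2 means the shell lacks the privileges that sudo would provide.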

 