Re: Does Ethereal lose packets?

From: NeoSadist (neosad1st_at_charter.net)
Date: 02/02/04


Date: Sun, 01 Feb 2004 23:09:12 -0700

Justin Gombos wrote:

> I ran nmap with a Windows XP box as a target, while using ethereal to
> sniff the traffic. It found a few open ports, one of which was 445
> (microsoft-ds). I used this ethereal filter on a large dump of
> packets:
>
> tcp.flags eq 0x0012 && tcp.port == 445
>
> No packets came from port 445 of the target host.
>
> Then I repeated the process, and there was a SYN ACK packet the second
> time. Why would this happen? Are the packets moving too fast for
> ethereal to grab them all?

Maybe you're trying to catch packets in permiscuous mode, or not in
permiscuous mode. Please try using permiscuous mode and tell us if it
still has this problem.

-- 
Pardon this fortune.  Database under reconstruction.


Relevant Pages

  • Re: drop or reject
    ... It's a D-Link DI-604 Router on a home system. ... >There are three very simple rules about services and open ports: ... >look in the logs, ... >unwanted packets you are going to save your bandwidth, ...
    (comp.security.firewalls)
  • Re: Reverse http traffic
    ... Linksys calls it a firewall feature, and it has logs - but not everyone ... >> mystery packets directed to the problem machine or to the router ... Check open ports on the suspect ...
    (Incidents)
  • Re: Does Ethereal lose packets?
    ... > Maybe you're trying to catch packets in permiscuous mode, ... I'm only sniffing packets that are leaving or destined for the machine ... Promiscuous mode, from what I understand, only ... me that turning on promiscuous mode is also turning on reliability, ...
    (comp.security.firewalls)
  • Does Ethereal lose packets?
    ... sniff the traffic. ... It found a few open ports, ... No packets came from port 445 of the target host. ...
    (comp.security.firewalls)
  • Machine blocks all incoming packets with firewall off
    ... remote desktop. ... A port scan of my IP yields no open ports, all packets ...
    (microsoft.public.windowsxp.help_and_support)