not sniffing anything

[digger69]

Newbie question !!!

Downloaded URLSnooper 2 yesterday.  The download link showed version 2.04.01.  The about box tells me version 2.04.03.  And the window title bar shows 2.04.02.  ???

Nevertheless, the problem is I can't snoop any URLs at all.  After choosing the network adapter and start Sniff Network I can't even see URLSnooper counting packets.  Using Ethereal packet sniffing on the same network adapter works just fine.  Makes me guess the problem is not WinPcap or non supported hardware.  By the way, during the usage of URLSnooper, Ethereal was not running.  Tried with option "Only scan this computer" switched on and off.

Running Windows XP Professional fully patched, except SP2.

Any ideas???

Thnaks for your help.

[mouser]

hi digger,
looks like i need to fix some version info inconsistencies.

your guess about the problem is the most likely explanation - that is that it is a winpcap incompatibility with your modem hardware.
what kind of modem do you have?  if you are not seeing the countiner of packets then for sure its detecting any packets.

try searching winpcap support page: http://www.winpcap.org/contact.htm

HOWEVER:
my understanding is that ethereal uses winpcap,
so if ethereal works then i think there is no reason that url snooper shouldn't!
can you compare the network card selection list in both programs, see if they are the same or similar, make sure you have the proper card selected.
reboot your computer to make sure it has a chance to register the new winpcap drivers.

please do give us a follow up after trying these things - like i said if ethereal uses winpcap and works then there is absolutely no reason why url snooper shouldn't work.

[digger69]

Hi Mouser

Thanks for your reply.

I'm using WinPcap 3.1.  I uninstalled and reinstalled WinPcap. I rebooted my PC 2 times.  I tried using URLSnooper right after rebooting the PC.  Nothing, not even one package was captured.  Closing URLSnooper and starting Ethereal.  Here there are the packets.  Closing Ethereal and retrying URLSnooper.  Same result, not even one URL gets captured.  (Where do I have to check the packet counter???)

By the way, I'm using the build-in wireless network card of my IBM Thinkpad T41 notebook.  To show my settings, I took some screenshots.  Hopefully you could see those in the attachment.

Since Ethereal works just fine, I still don't think the problem is WinPcap or my hardware.

Thanks a lot for your support.

Best regards
Stefan

[mouser]

i think i remember something about intel capturing not working in promiscuous mode, but i see you have url snooper set to only capture from your computer, which should bypass that.  but maybe there is something i'm doing wrong there.  i will take a look at ethereal and url snooper and see what i can figure out.

from what you're saying, url snooper must be doing something differently than ethereal, that we should be able to fix if you stick with me and we try some experiments.  i will try to have some tests to try this weekend and we can try to figure it out.

in your "Capture Options" screen in ethereal, if you check "promiscuous mode", does ethereal still work?

[digger69]

If "promiscuous mode" is checked, ehtereal doesn't work either.  It looks like you are on the right way.

[mouser]

yep, i'm guessing that i used an alternative way to restrict packets to the computer which is always basically in promiscuous mode, so your intel ethernet is not working - i should be able to fix this weekend.

[digger69]

Hi mouser

Anything new on this issue???

[mouser]

are you going to be around for an hour or two to test?

[mouser]

lots of betas this week:

https://www.donation.../Beta/URLSnooper.exe


· Version 2.04.04 - 10/02/05 
1) the method turning off promiscuous mode has been adjusted to better work around bugs preventing some lan adapaters (ibm) from sniffing unless promiscous mode is turned off in a specific fashion. If your adapter doesn't seem to sniff traffic make sure to try checking "only from this computer" option.
2) the only sniff from this computer option has been made default.


Please let me know if it works digger (make sure to check the box that says "only sniff this computer" in options)


note that you do not have to reinstall winpcap, and you can install this version on top of older version without uninstalling.

[digger69]

Hi mouser

I will test later today and report.

[digger69]

Hi Mouser

Congratulations!!!

Version 2.04.04 works with "Scan only this computer" switched on.  Without this option switched on I still wasn't able to sniff anything.  I guess this behaviour is like expected.

As you mentioned, I only installed URLSnooper and kept WinPcap untouched.

[mouser]

great

yep, as i said this is a known problem with some (especially ibm) network adapters that can only scan in non-promiscuous mode.
in previous version of url snooper i was always leaving the adapter in promiscuous mode and using a different technique to restrict scanning to only the current ip.  now i officially switch the adapter between promiscuous and non-promiscuos mode, and i guess that was what was needed for your network adapter

glad to hear it works, i'll make it an official release tonight and i expect your bug report will end up helping quite a few people who had same problem as you

thanks for the report and patience.  it's so nice to have good beta testers here!
-mouser