Problem with IRIS Analyzer
21 years 3 months ago #389
by taqpol
Problem with IRIS Analyzer was created by taqpol
Hello,
I have downloaded the time-limited version of Iris Network Analyzer.
I use XP with an ethernet modem ADSL and the connection is based on PPPoE; for the sake of precision, I use RasPPPoE.
I have a second ethernet card that connects to a second computer.
When I run Iris it is possible to select the Ethernet card to monitor; I have tried both.
When sniffing the traffic on the 2nd card, everything works fine, the second computer uses my computer as a gateway and Iris shows every packet, so I can see the packets and apply filters.
On the other hand, when sniffing the card connected to the ADSL modem, the capture shows a long list of VLAN package(!), no IP, no protocol, only the MAC addresses.
Browsing a single VLAN packet the structure top to bottom is
- MAC Header
- PPP-over-Ethernet Session
- IPv4 Header
- TCP Header
So the encapsulation in PPPoE seems to hide the TCP details from Iris, and as a consequence filters are useless, and even the decode section.
Is there a way to configure Iris to fix this problem? I have been browsing the menus and config in detail but without success ...
Please help ...
Thanx in advance
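The layering described in the post above (MAC header, PPPoE session, IPv4, TCP), worked through as an added example that is not part of the original thread and is not Iris code: a Python decoder that steps over the 6-byte PPPoE session header and the 2-byte PPP protocol field to reach the IPv4 addresses and TCP ports. The sample frame, its addresses and the function name `decode_frame` are constructed for illustration.

```python
import socket
import struct

ETH_VLAN = 0x8100           # 802.1Q tag, skipped if present
ETH_IPV4 = 0x0800
ETH_PPPOE_SESSION = 0x8864  # EtherType of PPPoE session-stage frames
PPP_IPV4 = 0x0021           # PPP protocol number for IPv4

# Constructed sample: one TCP SYN carried inside a PPPoE session frame.
SAMPLE = bytes.fromhex(
    "001122334455" "66778899aabb" "8864"                       # MAC header
    "11" "00" "0001" "002a"                                    # PPPoE: ver/type, code, session 1, length 42
    "0021"                                                     # PPP protocol field: IPv4
    "45000028" "00014000" "40060000" "c0000201" "c633640a"     # IPv4 192.0.2.1 -> 198.51.100.10
    "c3500050" "00000000" "00000000" "5002ffff" "00000000"     # TCP 50000 -> 80, SYN
)


def decode_frame(frame: bytes) -> dict:
    """Walk Ethernet -> [802.1Q] -> [PPPoE + PPP] -> IPv4 -> TCP."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    out = {"dst_mac": frame[0:6].hex(":"), "src_mac": frame[6:12].hex(":")}
    ethertype, off = struct.unpack_from("!H", frame, 12)[0], 14
    if ethertype == ETH_VLAN:                   # step over the 4-byte VLAN tag
        ethertype, off = struct.unpack_from("!H", frame, off + 2)[0], off + 4
    if ethertype == ETH_PPPOE_SESSION:
        ver_type, code, session, _length = struct.unpack_from("!BBHH", frame, off)
        if ver_type != 0x11 or code != 0x00:
            raise ValueError("not a PPPoE session data frame")
        out["pppoe_session"] = session
        ppp_proto = struct.unpack_from("!H", frame, off + 6)[0]
        if ppp_proto != PPP_IPV4:               # LCP, IPCP, etc.: no IP header inside
            out["ppp_protocol"] = ppp_proto
            return out
        off += 8                                # 6-byte PPPoE header + 2-byte PPP protocol
    elif ethertype != ETH_IPV4:
        out["ethertype"] = ethertype
        return out
    if len(frame) < off + 20 or frame[off] >> 4 != 4:
        raise ValueError("truncated or non-IPv4 payload")
    ihl = (frame[off] & 0x0F) * 4               # IPv4 header length in bytes
    out["src_ip"] = socket.inet_ntoa(frame[off + 12:off + 16])
    out["dst_ip"] = socket.inet_ntoa(frame[off + 16:off + 20])
    if frame[off + 9] == 6 and len(frame) >= off + ihl + 4:  # protocol 6 = TCP
        out["src_port"], out["dst_port"] = struct.unpack_from("!HH", frame, off + ihl)
    return out


if __name__ == "__main__":
    print(decode_frame(SAMPLE))
```

A decoder or filter that stops at EtherType 0x8864 sees only the MAC addresses; the IP and TCP fields appear once the 8 bytes of PPPoE and PPP framing are skipped.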
21 years 3 months ago #390
by Chris
Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
Replied by Chris on topic Problem with IRIS Analyzer
Very interesting problem.
I've never tried sniffing PPPoE frames so I won't be able to help you with the problem directly.
I am very curious as to what is happening though and would like to ask if it is possible to capture some data and email it to us so we can analyse it and see what on earth is happening there!
Let me know if this is possible so I can give you the details.
Cheers,
21 years 2 months ago #712
by sahirh
Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
Replied by sahirh on topic Re: Problem with IRIS Analyzer
Very interesting! As Chris said, could you show us a dump of the output?
I had some problems with IRIS sniffing a dial-up connection... read 'some problems' as 'it didn't work'. However, the folks at eEye know what they're doing, so I doubt it's a problem with IRIS... just to make sure, why don't you try using Ethereal?
Good Luck
Sahir.