Any ethereal users out there that can help me? I was just using Knoppix 5.0.1 DVD and ethereal (started by root from a terminal by typing sudo ethereal) and I had a probem that seemed strange. I could run ethereal OK, but I couldn't get it to display the captured packets in real time while it was still capturing. I played with the setting a lot, turned on the options that claimed to do this, restasted capturing, stopped and started capturing and even restarted ethereal, but I couldn't get it to dislay the packets in real time. When I stopped the capture then all of the captured packets were there for me to examine to my hearts content. I noted that this version of ethereal is 0.99.9.

Knowing I have made this work before, I backed up to Knoppix 4.0.2 and tried again. I was very surprised to see that 4.0.2 gave me the same problem. This time the version was 0.10.12.

OK, maybe it's been a while since I ran ethereal from Knoppix (I use the WIndows version sometimes). So I dug out my old CDs and booted Knoppix 3.2. Started ethereal as root. Boy, the user interface sure has evolved since then, but I found the same settings to enable real time capture, display and scrolling and enabled them. Started a capture and this time ethereal displayed packets as they were captured as desired. This version is marked 0.9.12.

So does anyone know why I would be having problems getting ethereal to display packets in real time? I wouldn't be too shocked if this were something that happened only in 0.99.0 but it seems pretty unlikely that it would be a problem that spans versions 0.10.2 to 0.99.0 for such a popular program. Could it be a Knoppix issue (like a choice of display software)? And most importantly, is there anything that I can do to get this handy capability back in the current version of Knoppix?

An update to my previous post:

I have determined that real time display works properly after installing ethereal to Debian etch. This on a system with far less resources than the first one that Knoppix failed on (Knoppix fails on this one two) and with the same etting that fail under Knoppix. This is version 0.99.0, the same version as in Knoppix.

Any insight into the source of the problem still very much welcome.

Hi HK,
Using the CD version of 5.0 , I did the following:

Booted: knoppix 2, then at the root shell:startx

Started ethereal k->internet-->ethereal

click on capture

check Update packets in real time
check Automatic scrolling ....

seems to work that way, but will post back with results as user knoppix, sudo

HTH

Regards

From the 5.0 CD, sudo ethereal, same options checked as before - same results- scrolls right along.

version is 0.99.0

Post any additional info that would help ...

Thanks for the info Rusty. You seem to have it working, yet I don't. The system is tied up with a long download at the moment, but as soon as it is free I'll try following your steps. Any insight on what might be different? Different video driver perhaps? (I have an Nvidia Gforce 3 card in the system in question; I will have to test it on an ATI based system as well). This is really bugging me, both because I find Knoppix and ethereal a very handy networking debigging tool, and simply because it used to work in older versions and it still should work. I'll post back when (and if) I know more.

Well, I'm completely at a loss to know what is currently happening. After getting real time display of captured packets working on both ATI based systems, my download finished on the Nvidia based system. I shut it down and booted the Knoppix 5.0.1 DVD (same disc as before). I went through he start-up pricedure exactly as I had on the two ATI systems. And when I told it to capture packets, this time the screen came up in real time capture mode. I'm at a loss to know what is different now; I did this several times a few hours ago and it failed consistently. I even saw the failure with 4.0.2 DVD (which was completely unexpected), the the sucess with an old Knoppix 3.2 and then the failure yet again with 5.0.1. Why it s working now I have no idea. I plan on looking into this further, but that's best put off until I get some sleep.

Thanks very much for the feedback and testing on your system Rusty, without it I would have believed the fault was with Knoppix and not kept at it.

FWIW, no problems here on my nvidia machine with 5.0, as user knoppix, or sudo ethereal.