
TOPIC: Problem with IRIS Analyzer

Problem with IRIS Analyzer 13 years 1 month ago #389

  • taqpol

I have downloaded the time-limited version of Iris Network Analyzer.

I use XP with an Ethernet ADSL modem and the connection is based on PPPoE; for the sake of precision, I use RasPPPoE.

I have a second ethernet card that connects to a second computer.

When I run Iris it is possible to select the Ethernet card to monitor; I have tried both.

When sniffing the traffic on the 2nd card, everything works fine: the second computer uses my computer as a gateway and Iris shows every packet, so I can see the packets and apply filters.

On the other hand, when sniffing the card connected to the ADSL modem, the capture shows a long list of VLAN packets(!), no IP, no protocol, only the MAC addresses.

Browsing a single VLAN packet, the structure top to bottom is:

- MAC Header
- PPP-over-Ethernet Session
- IPv4 Header
- TCP Header

So the encapsulation in PPPoE seems to hide the TCP details from Iris, and as a consequence the filters are useless, and even the decode section.

Is there a way to configure Iris to fix this problem? I have been browsing the menus and config in detail but without success ... :-(

Please help ...

Thanx in advance :-)
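The layering listed in the post above (MAC header, PPPoE session, IPv4, TCP), as an added example that is not part of the original thread: a minimal decoder that steps over the PPPoE session header to reach the IP and TCP fields a capture filter needs. The function names, addresses and sample frame are constructed for illustration, and the code assumes an uncompressed two-byte PPP protocol field.

```python
import socket
import struct

ETH_P_PPPOE_SESSION = 0x8864  # EtherType of PPPoE session-stage frames (RFC 2516)
PPP_PROTO_IPV4 = 0x0021       # PPP protocol number for IPv4


def decode_pppoe_tcp(frame: bytes):
    """Return (src_ip, src_port, dst_ip, dst_port) for a TCP segment carried
    in a PPPoE session frame, or None if the frame is anything else."""
    if len(frame) < 14 + 6 + 2:
        return None
    if struct.unpack("!H", frame[12:14])[0] != ETH_P_PPPOE_SESSION:
        return None
    # PPPoE header: version/type (1), code (1), session id (2), length (2)
    ver_type, code, _session_id, length = struct.unpack("!BBHH", frame[14:20])
    if ver_type != 0x11 or code != 0x00:
        return None  # not a session data frame
    # length covers the PPP protocol field plus data, so Ethernet padding is dropped
    payload = frame[20:20 + length]
    if len(payload) < 2 or struct.unpack("!H", payload[:2])[0] != PPP_PROTO_IPV4:
        return None
    ip = payload[2:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        return None
    ihl = (ip[0] & 0x0F) * 4  # IPv4 header length in bytes
    if ihl < 20 or ip[9] != 6 or len(ip) < ihl + 4:  # protocol 6 = TCP
        return None
    src_port, dst_port = struct.unpack("!HH", ip[ihl:ihl + 4])
    return (socket.inet_ntoa(ip[12:16]), src_port,
            socket.inet_ntoa(ip[16:20]), dst_port)


def build_sample_frame() -> bytes:
    """Constructed frame: Ethernet + PPPoE session + IPv4 + TCP SYN, checksums zeroed."""
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1, 0, 5 << 4, 0x02, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.20"))
    ppp = struct.pack("!H", PPP_PROTO_IPV4) + ip + tcp
    pppoe = struct.pack("!BBHH", 0x11, 0x00, 0x0001, len(ppp))
    eth = (bytes.fromhex("020000000001") + bytes.fromhex("020000000002")
           + struct.pack("!H", ETH_P_PPPOE_SESSION))
    return eth + pppoe + ppp


if __name__ == "__main__":
    print(decode_pppoe_tcp(build_sample_frame()))
```

The IPv4 header starts 22 bytes into the frame here instead of the 14 bytes of a plain Ethernet frame, which is why a decoder or filter that only expects IP directly after the MAC header sees nothing it recognises.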

Problem with IRIS Analyzer 13 years 1 month ago #390

  • Chris

Very interesting problem.

I've never tried sniffing PPPoE frames so I won't be able to help you with the problem directly.

I am very curious as to what is happening though and would like to ask if it is possible to capture some data and email it to us so we can analyse it and see what on earth is happening there!

Let me know if this is possible so I can give you the details.

Chris Partsenidis.
Founder & Editor-in-Chief

Re: Problem with IRIS Analyzer 13 years 3 weeks ago #712

  • sahirh

Very interesting! As Chris said, could you show us a dump of the output?

I had some problems with IRIS sniffing dial-up connections... read 'some problems' as 'it didn't work' :) However, the folks at eEye know what they're doing so I doubt it's a problem with IRIS... just to make sure, why don't you try using Ethereal?

Good Luck

Sahir Hidayatullah. Staff - Associate Editor & Security Advisor