Problem with IRIS Analyzer

Hello,

I have downloaded the time-limited version of Iris Network Analyzer.

I use XP with an ethernet modem ADSL and the connection is based on PPPoE, for the sake of precision I use RasPPPoE.

I have a second ethernet card that connects to a second computer.

When I run Iris it is possible to select the Ethrnet card to monitor, I have tried both.

When sniffing the traffic on the 2nd card, everything works fine, the second computer uses my computer as a gateway and Iris shows every packet, so I can see the packets and apply filters.

On the other hand, when sniffing the card connected to the ADSL modem, the capture shows a long list of VLAN package(!), no IP, no protocol, only the MAC addresses.

Browsing a single VLAN packet the structure top to bottom is

- MAC Header
- PPP-over-Ethernet Session
- IPv4 Header
- TCP Header

So the encapsulation in PPPoE seems to hide the TCP details to Iris and as a consequence filters are useless and even decode section.

Is there a way to configure Iris to fix this problem? I have been browsing the menus and config in detail but without success ...

Please help ...

Thanx in advance

Very interesting problem.

I've never tried sniffing PPPoE frames so I won't be able to help you with the problem directly.

I am very curious as to what is happening though and would like to ask if it is possible to capture some data and email it to us so we can analyse it and see what on earth is happening there!

Let me know if this is possible so I can give you the details.

Cheers,

Very interesting ! As chris said could you show us a dump of the output ?

I had some problems with IRIS sniffing a dial-up connections.. read 'some problems' as 'it didn't work' However the folks at eeye know what they're doing so i doubt its a problem with IRIS.. just to make sure, why dont you try using ethereal ?

Good Luck

Sahir.