seeking assistance
mgvhero
07-17-2002, 08:32 AM
Hi gang,
great FAQ on how to install, got it up and running of sorts.
Running mandrake 8.1 and seq, when i fire up seq i don't get any packet sniffing. i start it up as
./showeq -i eth1 192.168.1.102
eth1 is second network card in linux box
.102 is address of eq client
.100 is address of seq box
config is
  router
    |
   hub
  |   |
 EQ   seq
when i access network stuff from linux box it works fine, just isn't doing the promiscuous sniffing. can ping from both boxes etc (pretty network literate)
is there a toggle or something i'm missing? in seq i do a network -> monitor eq client ip.. etc and that doesn't do it either
any help would really be appreciated - thinking it's something silly i am overlooking
thanks
high_jeeves
07-17-2002, 08:50 AM
So, $20 bucks on the fact that your hub is either:
a) a switch
or
b) a linksys "hub" (which is really a switch)
or
c) They are on different planes (1 box is 10Mbit, other is 100Mbit)
--Jeeves
high_jeeves
07-17-2002, 08:51 AM
Whoa!
I read your post more carefully... Why do you have 2 network cards in your system? You don't need 2 cards in this configuration.
--Jeeves
Dedpoet
07-17-2002, 09:15 AM
What jeeves said. Also I think there is an error in your command. Try "showeq -i eth0 --ip-address 192.168.1.102"
If your Linux box isn't acting as your router, you only need one nic. My guess is that the second nic isn't what you want to be sniffing.
You could also just start it with "showeq" and then click the option to detect the next EQ session - I believe it's under the Network menu. That's how I do it.
fryfrog
07-17-2002, 09:36 AM
--ip-address=IP
(missing the = )
:)
casey
07-17-2002, 09:42 AM
the = is optional. from getopt(3)
optstring is a string containing the legitimate option
characters. If such a character is followed by a colon,
the option requires an argument, so getopt places a
pointer to the following text in the same argv-element, or
the text of the following argv-element, in optarg.
in other words --ip-address x.x.x.x is the same as --ip-address=x.x.x.x
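An added example, not part of the thread and not ShowEQ's source: assuming the long option is parsed with getopt_long(3), this C program runs the command line from the first post and both `--ip-address` spellings through the same parser. The option table, the `OPT_IP` id and the sample command lines are constructed for illustration.

```c
#include <getopt.h>
#include <stdio.h>
#include <string.h>

#define OPT_IP 1000  /* internal id for --ip-address (hypothetical value) */

/* Stand-in option table built from the two options quoted in the thread;
 * an assumption for illustration, not ShowEQ's real table. */
static const struct option LONG_OPTS[] = {
    {"ip-address", required_argument, NULL, OPT_IP},
    {NULL, 0, NULL, 0}
};

struct sniff_opts {
    const char *iface;  /* argument of -i */
    const char *ip;     /* argument of --ip-address, NULL if never given */
    int leftover;       /* words no option consumed */
    int errors;         /* unknown options or missing arguments */
};

/* Constructed command lines: the one from the first post and both spellings. */
static char *FAQ_FORM[]    = {"showeq", "-i", "eth1", "192.168.1.102", NULL};
static char *SPACE_FORM[]  = {"showeq", "-i", "eth0", "--ip-address", "192.168.1.102", NULL};
static char *EQUALS_FORM[] = {"showeq", "-i", "eth0", "--ip-address=192.168.1.102", NULL};

struct sniff_opts parse(char **argv)
{
    struct sniff_opts o = {NULL, NULL, 0, 0};
    int argc = 0, c;
    while (argv[argc]) argc++;
    optind = 1;  /* restart the scan so parse() can be called repeatedly */
    opterr = 0;  /* count errors ourselves instead of printing them */
    while ((c = getopt_long(argc, argv, "i:", LONG_OPTS, NULL)) != -1) {
        if (c == 'i') o.iface = optarg;
        else if (c == OPT_IP) o.ip = optarg;
        else o.errors++;
    }
    o.leftover = argc - optind;  /* bare words end up after optind */
    return o;
}

int main(void)
{
    char **forms[] = {FAQ_FORM, SPACE_FORM, EQUALS_FORM};
    for (int k = 0; k < 3; k++) {
        struct sniff_opts o = parse(forms[k]);
        printf("iface=%s ip=%s leftover=%d errors=%d\n", o.iface,
               o.ip ? o.ip : "(unset)", o.leftover, o.errors);
    }
    return 0;
}
```

With this stand-in table the two `--ip-address` spellings give identical results, while the bare address in the first form is left over as a positional word and never reaches the option.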
fryfrog
07-17-2002, 10:17 AM
damn, that's neato. i wish i knew these things before i made myself look st00pid
mgvhero
07-17-2002, 10:28 AM
thanks for the responses...
linux box has two network cards in it because one is built into the motherboard, the other is a 5-port hub/switch card in it. The on-board card has issues so I just haven't used it.
the hub tying it all together is a 10mb hub - the router is a linksys router/firewall/WAP. But I put the hub in because I know switches don't work for promiscuous sniffing (I work in automation area and do some network monitoring). That's why it was stumping me, it all should work
I'll try the command difference, I pulled the cmd I was running straight off the FAQ, but will give the -- instead of -(one dash).
do both boxes need to be at the same speed? as in, the EQ client is at 10mb, the SEQ box also has to be 10MB? pretty sure the hub they are both plugged into is a 10mb hub so moot but was curious on this
one other thing, would the command string even matter, if after I fired up showeq I went to Network->Monitor IP Client -> Ip address and typed in the new IP address? I assumed that would initiate a new session with whatever IP I put in there
final question for my peace of mind - the IP I type in with the command string IS the IP of the eq client right? That's the way I read it, if it is supposed to be the IP of the SEQ box then that would be my issue.
thanks again for all the help. btw the SEQ box works on the network fine, so I'm pretty sure it's not a NIC problem, just can't for the life of me nail this down. Hopefully it's that extra dash in the cmd string
high_jeeves
07-17-2002, 10:44 AM
Yes, it is the IP of the EQ client.
Try doing a tcpdump on your linux box, while you are playing EQ. Do you see traffic between your linux box and the EQ server?
Are you running the dreaded and evil protocol known as PPPOE?
--Jeeves
Mr Guy
07-17-2002, 11:19 AM
I just wanted to add some redundancy, so we can determine whether Jeeves owes you $20. Your 5 port hub is NOT made by Linksys, only your router is, yes?
mgvhero
07-17-2002, 11:36 AM
correct, the hub is a 10mb dumb hub
the router is a 100mb linksys router/WAP =)
I'll post the address to send the check to later. thanks again for all the help guys, really appreciated
high_jeeves
07-17-2002, 02:22 PM
I wouldn't sit by the mailbox and wait for the check if I were you :)
Does your last post imply that you got it working?
--Jeeves
S_B_R
07-17-2002, 03:39 PM
Originally posted by mgvhero:
"linux box has two network cards in it because one is built into the motherboard, the other is a 5-port hub/switch card in it."
So, what you're saying is you have a NIC that has 5 ports on it? If that's the case you might be sniffing the wrong NIC. Every time I've worked with Quad NICs, each port shows up as a separate logical device. For example, if your card has 5 ports, your ifconfig would show eth0, eth1, eth2, eth3, and eth4. Even though you only have 1 physical device...
Can't say that I've ever come across a NIC that has more than 4 ports on it. So maybe I'm misunderstanding.
mgvhero
07-17-2002, 03:58 PM
woot!
not sure if it was the cmd line or the 4-port nic i was trying to use - disabled the 4port nic, went back to the on-board nic (eth0) and ran the cmd line as described above, lit up like a xmas tree! Thanks again for all the help
now the sad thing is i'll prolly never even use this program, but it was something I wanted to get going just because :) we all know how that goes.
thanks a ton for the help, will test later but if I had to make a guess I would throw a rock at the 4-port switch card inside my machine. It's a 10/100 switch card with 4 ports on it, PCI card. usually behaves like a normal LAN card but guess it won't in this case =)
just ecstatic to have gotten it working - thanks again
JR