Wireshark · Ethereal-users: Re: [Ethereal-users] When are the packets captured

Ethereal-users: Re: [Ethereal-users] When are the packets captured

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>

Date: Wed, 17 Oct 2001 02:12:06 -0700

On Wed, Oct 17, 2001 at 11:10:46AM +0300, Panagiotis Galiotos wrote:
>     in order to debbug one of my applications I'm using Ethereal.  I
>     would like to know exactly at which point do Ethereal grab the packets??
>     I mean it grabs the buffer at the sender or the buffer at the
>     receiver

Ethereal grabs the packets wherever libpcap (which is what it uses for
packet capture) grabs them, and libpcap grabs them wherever the
underlying mechanism in the OS (the mechanism that libpcap uses) grabs
them.

If you are capturing on some network device, packets will be
handed to the underlying mechanism by the network device driver or
networking stack code just above it.  This applies to incoming
packets - and also applies to outgoing packets (i.e., packets
sent by the machine running Ethereal, or tcpdump/WinDump, or Analyzer,
or KSnuffle, or Etherape, or whatever libpcap/WinPcap-based program
you're running).

So the answer is "it grabs the buffer at the sender for packets being
sent by the machine running Ethereal, and at the receiver - i.e., the
machine running Ethereal - for other packets".

References:
- [Ethereal-users] When are the packets captured
  - From: Panagiotis Galiotos

Prev by Date: [Ethereal-users] When are the packets captured
Next by Date: [Ethereal-users] Install issues with WinNT4 and Win2K
Previous by thread: [Ethereal-users] When are the packets captured
Next by thread: [Ethereal-users] Install issues with WinNT4 and Win2K
Index(es):
- Date
- Thread