Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Ethereal-users: [Ethereal-users] Ethereal statistics reporting

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Alex <alexle4@xxxxxxxxxxx>
Date: Tue, 14 Jun 2005 11:23:51 -0700
Hi,
Sorry if am asking a question, which is in the docs, but I did not find.
Suppose I am capturing a traffic mix - clear text and IPSec with ESP (no encryption), but TCP header is shifted back. 

How TCP statistics are reported in this case?
Manual says: *"TCP* a TCP endpoint is a combination of the IP address and the TCP port used, so different TCP ports on the same IP address are different TCP endpoints."
My guess is that Ethereal does not see ports and cannot not recognize TCP as TCP. It reads it as ESP....but actually it is a TCP packet.
Basically the bigger question is "what to trust" and "what not to trust" on stats? What stats screen is actually shows? I am wondering if my ESP traffic even counted... 

Thanks much,
-Alex
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube