Wireshark · Ethereal-users: [Ethereal-users] [Fwd: Ethereal statistics reporting]

Ethereal-users: [Ethereal-users] [Fwd: Ethereal statistics reporting]

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date: Wed, 15 Jun 2005 18:39:32 -0700

Hi,
I am looking for a response, please.

Have to know what packets go to what bucket. How a decision is madewhich packets go where?

When stats (conversations) are ran what packets end up on the IP tab?Are IP - ESP packets counted to this tab? What if there is TCP belowESP - where these packets end up?


Appreciate your help very much !!

-Alex

--- Begin Message ---

From: Alex <alexle4@xxxxxxxxxxx>

Date: Tue, 14 Jun 2005 11:23:51 -0700
Hi,
Sorry if am asking a question, which is in the docs, but I did not find.
Suppose I am capturing a traffic mix - clear text and IPSec with ESP (noencryption), but TCP header is shifted back.
How TCP statistics are reported in this case?
Manual says: *"TCP* a TCP endpoint is a combination of the IP addressand the TCP port used, so different TCP ports on the same IP address aredifferent TCP endpoints."
My guess is that Ethereal does not see ports and cannot not recognizeTCP as TCP. It reads it as ESP....but actually it is a TCP packet.
Basically the bigger question is "what to trust" and "what not to trust"on stats? What stats screen is actually shows? I am wondering if my ESPtraffic even counted...
Thanks much,
-Alex
--- End Message ---

Follow-Ups:
- Re: [Ethereal-users] [Fwd: Ethereal statistics reporting]
  - From: ronnie sahlberg

Prev by Date: Re: [Ethereal-users] RDP & ethereal
Next by Date: Re: [Ethereal-users] Finding tcp syn packets without response.
Previous by thread: Re: [Ethereal-users] new to ethereal (understanding data captured)
Next by thread: Re: [Ethereal-users] [Fwd: Ethereal statistics reporting]
Index(es):
- Date
- Thread