ANNOUNCEMENT: Live Wireshark University & Allegro Packets online APAC Wireshark Training Session
July 17th, 2024 | 10:00am-11:55am SGT (UTC+8) | Online
Wireshark logo

Ethereal-users: Re: [Ethereal-users] Middle Pane configuration

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: "Beatriz Silva" <beatriz_hargrave@xxxxxxxx>
Date: Wed, 26 Jun 2002 05:02:29 -0500
Thanks again for the answer Guy !

Could you though explain me better what do you mean with this sentece ... 

device that supports "raw-mode" (PF_PACKET/SOCK_RAW) 

What is this raw-mode ? 

I really want to be able to see the destination mac address of the packet: would you have some other suggestion ?

Thanks,

Beatriz

----- Original Message -----
From: Guy Harris <guy@xxxxxxxxxx>
Date: Mon, 24 Jun 2002 13:43:19 -0700 
To: Beatriz Silva <beatriz_hargrave@xxxxxxxx>
Subject: Re: [Ethereal-users] Middle Pane configuration


> On Mon, Jun 24, 2002 at 09:37:24AM -0500, Beatriz Silva wrote:
> > I would like to include the mac destination address in the Linux
> > cooked capture ..  How can I do that ?
> 
> You can't.
> 
> A Linux cooked capture is a capture done with a PF_PACKET/SOCK_DGRAM
> socket.
> 
> In SOCK_DGRAM mode, the link-layer header is *NOT* supplied to the
> program reading from the socket - it's stripped off of the packet data. 
> Therefore, the MAC destination address is not supplied as part of the
> packet data.
> 
> If you do a "recvfrom()" call to read from the socket - that's what
> libpcap does, and Ethereal just uses libpcap to capture packets - you
> get the *source* address of the packet, and some other information, but
> you do *not* get the destination address of the packet.
> 
> If you want the MAC destination address, you will have to capture on a
> device that supports "raw-mode" (PF_PACKET/SOCK_RAW) capturing.  The
> "any" device does not support this, and you cannot get the MAC
> destination address when you capture on the "any" device.
> 
> > How can I configure what
> > information is going to be displayed in the middle pane ?
> 
> You can't - the information that's displayed in the middle pane is the
> information that's available in the packet, and, when capturing in
> cooked mode, the MAC destination address is *NOT* available.
> 
> > Is the Linux cooked capture, the equivalent to the Ethernet packets fields ?
> 
> No.  The link-layer header that's constructed by libpcap when capturing
> in cooked mode contains the fields that are shown under "Linux cooked
> capture".
> 
> _______________________________________________
> Ethereal-users mailing list
> Ethereal-users@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/ethereal-users
> 

-- 
__________________________________________________________

Sign-up for your own FREE Personalized E-mail at Mail.com

http://www.mail.com/?sr=signup



Save up to $160 by signing up for NetZero Platinum Internet service.

http://www.netzero.net/?refcd=N2P0602NEP8
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube