
Ethereal-users: [Ethereal-users] RE: trace file

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Brahasita Ramanathan" <bramanathan@xxxxxxxxxxxxx>
Date: Tue, 26 Jul 2005 10:35:38 -0700
Is it possible to read an Ethereal trace file in Perl? If so, please let me know.

-----Original Message-----
From: ethereal-users-bounces@xxxxxxxxxxxx
[mailto:ethereal-users-bounces@xxxxxxxxxxxx]On Behalf Of Guy Harris
Sent: Tuesday, July 26, 2005 9:46 AM
To: Ethereal user support
Subject: Re: [Ethereal-users] about filter


Alparslan Ozturk wrote:

> How can I see OSI model layer 4 package in Ethereal?
> For example: I want to see the three-way handshake and
> especially virtual connections between two
> hosts (established connections).

Well, the layers are, as I remember:

	1 - physical link layer
	2 - logical link layer
	3 - network layer
	4 - transport layer
	5 - session layer
	6 - presentation layer
	7 - application layer

so you mean "how can I see transport layer packets in Ethereal?"

If the transport layer is TCP, the way you see them is that you load a 
capture containing those packets in Ethereal, or you capture traffic 
with them in Ethereal.  There's nothing special that needs to be done to 
see the TCP 3-way handshake, other than having the SYN, SYN+ACK, and ACK 
in the capture file.

Ethereal can also dissect the OSI transport protocol when it runs atop 
the connectionless network protocol.  It will recognize packets running 
atop CLNP as COTP or CLTP if either

	1) COTP or CLTP is running atop the "inactive subset" of CLNP

or

	2) the last byte of the destination CLNP address is the value specified 
as the "NSAP selector for Transport Protocol" preference for CLNP

or

	3) the "Always try to decode NSDU as transport PDUs" preference for 
CLNP is set.

If you're thinking of some other transport layer protocol, *and* what 
you mean by "how can I see" is "Ethereal's not showing it to me when I 
capture traffic that contains that protocol or give it a capture file 
that contains that protocol; what do I need to do to fix this?", you'd 
need to tell us what particular transport layer protocol that is (and 
what protocols it's running on top of).

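The two points in this thread, reading a trace file from a script and the handshake being visible only when the SYN, SYN+ACK and ACK are all in the capture, can be shown together. This is an added example, not code from the thread or from the Ethereal project, and it is in Python rather than Perl. It assumes a classic libpcap-format file (not pcapng) with Ethernet framing and IPv4; the sample capture is constructed inline.

```python
import struct

def tcp_frame(src, dst, sport, dport, seq, ack, flags):
    """Constructed Ethernet/IPv4/TCP frame with no payload (checksums left zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0, bytes(src), bytes(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 0x50, flags, 8192, 0, 0)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def write_pcap(frames):
    """Classic libpcap file, little-endian, link type 1 (Ethernet)."""
    recs = [struct.pack("<IIII", i, 0, len(f), len(f)) + f for i, f in enumerate(frames)]
    return struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join(recs)

def read_pcap(data):
    """Yield the raw frames of a classic libpcap file in either byte order."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if order is None:
        raise ValueError("not a classic libpcap file")
    off = 24                                   # skip the 24-byte global header
    while off + 16 <= len(data):
        caplen = struct.unpack(order + "IIII", data[off:off + 16])[2]
        yield data[off + 16:off + 16 + caplen]
        off += 16 + caplen

def handshakes(data):
    """(client, server) pairs whose SYN, SYN+ACK and ACK are all in the capture."""
    state, done = {}, []
    for f in read_pcap(data):
        if len(f) < 34 or f[12:14] != b"\x08\x00" or f[23] != 6:
            continue                           # not IPv4/TCP over Ethernet
        t = 14 + (f[14] & 0x0F) * 4            # TCP header starts after the IP header
        if len(f) < t + 14:
            continue                           # truncated TCP header
        sport, dport, seq, ack = struct.unpack("!HHII", f[t:t + 12])
        flags = f[t + 13] & 0x17               # keep only FIN, SYN, RST, ACK bits
        src, dst = (f[26:30], sport), (f[30:34], dport)
        if flags == 0x02:                      # SYN: remember the client's sequence number
            state[src, dst] = ("syn", seq)
        elif flags == 0x12 and state.get((dst, src)) == ("syn", (ack - 1) % 2**32):
            state[dst, src] = ("synack", seq)  # SYN+ACK acknowledging that SYN
        elif flags == 0x10 and state.get((src, dst)) == ("synack", (ack - 1) % 2**32):
            del state[src, dst]                # final ACK: handshake complete
            done.append(tuple("%s:%d" % (".".join(map(str, ip)), p) for ip, p in (src, dst)))
    return done

# Constructed sample: one complete handshake, and one SYN whose replies were not captured.
A, B, C = (10, 0, 0, 1), (10, 0, 0, 2), (10, 0, 0, 3)
SAMPLE = write_pcap([tcp_frame(A, B, 1025, 80, 100, 0, 0x02), tcp_frame(C, B, 1026, 80, 500, 0, 0x02),
                     tcp_frame(B, A, 80, 1025, 900, 101, 0x12), tcp_frame(A, B, 1025, 80, 101, 901, 0x10)])
print(handshakes(SAMPLE))
```
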