Ethereal-users: Reply: Re: [Ethereal-users] about filter

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Alparslan Ozturk <alparslan_ozturk@xxxxxxxxx>
Date: Tue, 26 Jul 2005 23:26:40 +0300 (EEST)
Hi,

I want to see the TCP transport protocol according to the OSI
model. Now I found the three-way handshake in the capture
file. Thank you for your informative reply.



--- Guy Harris <gharris@xxxxxxxxx> wrote:

> Alparslan Ozturk wrote:
> 
> > How can I see OSI model layer4 package in ethereal.
> > For example: I want to see three-way handshake and
> > especially virtual connections between two
> > hosts (established connections).
> 
> Well, the layers are, as I remember:
> 
> 	1 - physical link layer
> 	2 - logical link layer
> 	3 - network layer
> 	4 - transport layer
> 	5 - session layer
> 	6 - presentation layer
> 	7 - application layer
> 
> so you mean "how can I see transport layer packets in Ethereal?"
> 
> If the transport layer is TCP, the way you see them is that you load a
> capture containing those packets in Ethereal, or you capture traffic
> with them in Ethereal.  There's nothing special that needs to be done to
> see the TCP 3-way handshake, other than having the SYN, SYN+ACK, and ACK
> in the capture file.
> 
> Ethereal can also dissect the OSI transport protocol when it runs atop
> the connectionless network protocol.  It will recognize packets running
> atop CLNP as COTP or CLTP if either
> 
> 	1) COTP or CLTP is running atop the "inactive subset" of CLNP
> 
> or
> 
> 	2) the last byte of the destination CLNP address is the value specified
> as the "NSAP selector for Transport Protocol" preference for CLNP
> 
> or
> 
> 	3) the "Always try to decode NSDU as transport PDUs" preference for
> CLNP is set.
> 
> If you're thinking of some other transport layer protocol, *and* what
> you mean by "how can I see" is "Ethereal's not showing it to me when I
> capture traffic that contains that protocol or give it a capture file
> that contains that protocol; what do I need to do to fix this?", you'd
> need to tell us what particular transport layer protocol that is (and
> what protocols it's running on top of).


Alparslan Ozturk
alparslan_ozturk@xxxxxxxxx
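
The following Python example is added here and is not part of the original messages or of Ethereal's code. It shows what "having the SYN, SYN+ACK, and ACK in the capture file" means at the byte level: it parses Ethernet/IPv4/TCP frames and reports connections whose three handshake segments appear in order with matching sequence numbers. The function names (`parse_tcp`, `find_handshakes`, `make_frame`) and the sample frames are constructed for this illustration.

```python
import struct
SYN, ACK = 0x02, 0x10  # TCP flag bits

def parse_tcp(frame):
    """Return (src, sport, dst, dport, seq, ack, flags) for Ethernet/IPv4/TCP, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None  # not IPv4 or not TCP
    tcp = frame[14 + (frame[14] & 0x0F) * 4:]  # skip Ethernet header and IP header (IHL)
    if len(tcp) < 14:
        return None  # truncated TCP header
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
    return frame[26:30], sport, frame[30:34], dport, seq, ack, off_flags & 0x3F

def find_handshakes(frames):
    """Return (client, server) endpoints whose SYN, SYN+ACK and ACK appear in order."""
    pending, done = {}, []  # pending: (client, server) -> [state, client ISN, server ISN]
    for frame in frames:
        p = parse_tcp(frame)
        if p is None:
            continue
        src, sport, dst, dport, seq, ack, flags = p
        a, b, kind = (src, sport), (dst, dport), flags & (SYN | ACK)
        if kind == SYN:                    # step 1: client SYN
            pending[(a, b)] = ["syn", seq, None]
        elif kind == (SYN | ACK):          # step 2: server SYN+ACK must acknowledge ISN+1
            st = pending.get((b, a))
            if st and st[0] == "syn" and ack == (st[1] + 1) % 2**32:
                st[0], st[2] = "synack", seq
        else:                              # step 3: client ACK completes the handshake
            st = pending.get((a, b))
            if (kind == ACK and st and st[0] == "synack"
                    and seq == (st[1] + 1) % 2**32 and ack == (st[2] + 1) % 2**32):
                done.append((a, b))
                del pending[(a, b)]
    return done

def make_frame(src, dst, sport, dport, seq, ack, flags):
    """Build a minimal Ethernet/IPv4/TCP frame (constructed sample; checksums are zero)."""
    tcp = struct.pack("!HHIIHHHH", sport, dport, seq, ack, (5 << 12) | flags, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0, bytes(src), bytes(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

C, S = (192, 0, 2, 10), (192, 0, 2, 20)  # constructed documentation-range addresses
SAMPLE = [
    make_frame(C, S, 40000, 80, 1000, 0, SYN),
    make_frame(S, C, 80, 40000, 5000, 1001, SYN | ACK),
    make_frame(C, S, 40000, 80, 1001, 5001, ACK),
    make_frame(C, S, 40001, 80, 7000, 0, SYN),  # SYN never answered: not reported
]
```

Calling `find_handshakes(SAMPLE)` returns only the connection from port 40000, because the second SYN has no SYN+ACK and ACK in the sample.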


		