Wireshark-users: Re: [Wireshark-users] [Ethereal-users] How does Ethereal interact with Fedora Co
From: Guy Harris <[email protected]>
Date: Wed, 13 Sep 2006 11:26:14 -0700
Michael Cobb wrote:
The Ethereal project is being continued at a new site.  Please go to
http://www.wireshark.org and subscribe to [email protected]
Don't forget to unsubscribe from this list at


Can anyone explain to me how Ethereal relates to Fedora?
The same way Wireshark relates to it (see the above note).  This 
discussion should probably be continued on the wireshark-users mailing 
list; I'm sending this to that list as well.
At what OS level is displaying a capture from? I’m not a developer, but need to be certain that packets displayed by Ethereal are indeed being presented from the OS to an application that is running.
Wireshark (and Ethereal) capture traffic using the libpcap library; on 
Linux, that works by opening a "PF_PACKET socket", from which it 
receives the packets.
Packets delivered to a PF_PACKET socket aren't necessarily delivered to 
some other socket; they might be delivered to a networking protocol such 
as TCP or UDP, but that won't necessarily deliver them to a socket.
I am currently sniffing and seeing the packets in Ethereal. However the developer of the application has inserted debugging code to display when it receives those packets, but it does not acknowledge receiving them. I need to determine if this means the problem is OS related or application related.
It's *probably* application-related.  Are the packets TCP, UDP, or some 
other protocol?  Does the application have a socket open to receive 
those packets?