Thanks for a response.
It is UDP Multicast.
-----Original Message-----
On Behalf Of Guy Harris
Sent: Wednesday, September
13, 2006 2:26 PM
To: Ethereal user support;
Community support list for Wireshark
Subject: Re:
[Ethereal-users] How does Ethereal interact with Fedora Core?
-------------------
Michael Cobb wrote:
> Can anyone explain to
me how Wireshark relates to Fedora?
The same way Wireshark
relates to it (see the above note). This discussion should probably be
continued on the wireshark-users mailing list; I'm sending this to that list as
well.
> At what OS
> level is displaying a
capture from? I’m not a developer, but need to
> be certain that packets
displayed by Ethereal are indeed being
> presented from the OS
to an application that is running.
Wireshark (and Ethereal)
capture traffic using the libpcap library; on Linux, that works by opening a
"PF_PACKET socket", from which it receives the packets.
Packets delivered to a
PF_PACKET socket aren't necessarily delivered to some other socket; they might
be delivered to a networking protocol such as TCP or UDP, but that won't
necessarily deliver them to a socket.
> I am currently sniffing
and seeing the packets in Wireshark. However
> the developer of the
application has inserted debugging code to
> display when it
receives those packets, but it does not acknowledge
> receiving them. I need
to determine if this means the problem is OS
> related or application
related.
It's *probably*
application-related. Are the packets TCP, UDP, or some other protocol? Does
the application have a socket open to receive those packets?
