Wireshark · Ethereal-dev: Re: [Ethereal-dev] Ethereal & Layer 3 tapping

Ethereal-dev: Re: [Ethereal-dev] Ethereal & Layer 3 tapping

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxx>

Date: Tue, 8 Apr 2003 11:23:41 -0700

On Tue, Apr 08, 2003 at 11:11:27PM +0530, Jambunathan Kalyanasundaram wrote:
> Is it possible for me to do a logging of
> just Layer 3 ( IP ) and above.

See my previous message.

If *all* the traffic is IP, you can use DLT_RAW as the libpcap link-layer
type.  However, there must be *NO* ARP, IPX, or any other type of non-IP
traffic in your capture.

Otherwise, you will need some way to get at the packet type (IP, ARP,
IPX, etc.), and you will need to provide some form of fake link-layer
header that includes the packet type.

> Will this Layer 3 logging limit the utility
> of Ethereal.

Yes.  It will limit your ability to see the link-layer header.  Most if
not all of the analysis above that layer should work, however.

References:
- [Ethereal-dev] Ethereal & Layer 3 tapping
  - From: Jambunathan Kalyanasundaram

Prev by Date: [Ethereal-dev] Dissector output floats
Next by Date: Re: [Ethereal-dev] Dissector output floats
Previous by thread: [Ethereal-dev] Ethereal & Layer 3 tapping
Next by thread: Re: [Ethereal-dev] Ethereal & Layer 3 tapping
Index(es):
- Date
- Thread