Ethereal-users: Re: [Ethereal-users] Trapping Bad Packets

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Guy Harris <gharris@xxxxxxxxx>
Date: Sat, 13 Jul 2002 02:53:14 -0700
On Thu, Jul 11, 2002 at 04:16:51PM +0100, Lee Barron wrote:
> I am new to Ethereal so am a bit unfamiliar with its different uses, is it
> possible to use the software to identify bad packets and which devices they
> are originating from?

Ethereal doesn't really have a general notion of "bad packets", so it
won't identify them for you.  If you can look at a capture and, by hand,
determine what packets are "bad packets", and those packets have
link-layer addresses (such as Ethernet addresses) or network-layer
addresses (such as IP addresses) in them, you might be able to use the
source addresses in the packet to determine what machines are sending
the packet (although note that the link-layer address might not be the
right address to use for IP packets, as that might just the the address
of the router sending the packet - assuming that the problem isn't a
router corrupting a good packet).