Ethereal-users: Re: [Ethereal-users] Looking at RAW Ethernet Packets

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>
Date: Tue, 24 Jun 2003 21:35:32 -0700
On Tue, Jun 24, 2003 at 03:38:52PM -0400, Scott Buratt wrote:
> Can Ethereal be configured to look at RAW ethernet packets?

What do you mean by "raw"?

It does not support looking at, for example, a packet consisting of raw
8B/10B symbols from gigabit Ethernet.

It does, however, support looking at the bytes of an Ethernet frame as
delivered to a host, starting with the 14-byte MAC header.  There's no
configuration to do for that - if it sees an Ethernet capture file,
it'll assume it's full of frames like that.

You might have to configure your machine to support having Ethereal
*capture* those packets.  How that's done, if it's necessary at all, is
OS-specific:

	if your OS is Windows, you will need to install WinPcap:

		http://winpcap.polito.it/

	if you are using some UNIX-flavored OS, see

		http://www.ethereal.com/faq.html#q5.16

	and if your OS isn't mentioned there, it means either that no
	configuration is necessary or that nobody who's maintained the
	FAQ has ever used it and thus nobody who's ever maintained the
	FAQ knows whether configuration is necessary or, if it is, what
	configuration is necessary.
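
Added example, not part of the original message: a minimal Python reader showing what "the bytes of an Ethernet frame as delivered to a host, starting with the 14-byte MAC header" looks like inside a capture file. It assumes the classic libpcap file layout with link type 1 (Ethernet); the function names and the sample frame are constructed for illustration.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4    # classic pcap file, microsecond timestamps
LINKTYPE_ETHERNET = 1      # link-layer type: frames start at the MAC header

def parse_mac_header(frame):
    """Split a frame into destination, source, type/length and payload."""
    if len(frame) < 14:
        raise ValueError("frame shorter than the 14-byte MAC header")
    dst, src, type_len = struct.unpack("!6s6sH", frame[:14])
    if type_len >= 0x0600:
        kind = "ethertype"     # Ethernet II: field names the payload protocol
    elif type_len <= 1500:
        kind = "length"        # IEEE 802.3: field is the payload length
    else:
        kind = "undefined"     # 1501..1535 is neither
    fmt = lambda b: ":".join(f"{x:02x}" for x in b)
    return {"dst": fmt(dst), "src": fmt(src), "kind": kind,
            "value": type_len, "payload": frame[14:]}

def read_ethernet_pcap(data):
    """Return the parsed MAC header of every record in a pcap byte string."""
    if len(data) < 24:
        raise ValueError("too short for a pcap file header")
    for endian in ("<", ">"):
        if struct.unpack(endian + "I", data[:4])[0] == PCAP_MAGIC:
            break
    else:
        raise ValueError("not a classic pcap file")
    linktype = struct.unpack(endian + "I", data[20:24])[0]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError(f"link type {linktype} is not Ethernet")
    frames, off = [], 24
    while off + 16 <= len(data):
        _sec, _usec, caplen, _origlen = struct.unpack(endian + "IIII", data[off:off + 16])
        frames.append(parse_mac_header(data[off + 16:off + 16 + caplen]))
        off += 16 + caplen
    return frames

def sample_pcap():
    """Constructed capture: one broadcast frame with EtherType 0x0806 (ARP)."""
    frame = bytes.fromhex("ffffffffffff" "020000000001" "0806") + b"\x00" * 46
    file_hdr = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    rec_hdr = struct.pack("<IIII", 0, 0, len(frame), len(frame))
    return file_hdr + rec_hdr + frame

if __name__ == "__main__":
    for f in read_ethernet_pcap(sample_pcap()):
        print(f["dst"], f["src"], f["kind"], hex(f["value"]), len(f["payload"]))
```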