Alparslan Ozturk wrote:
> How can I see OSI model layer 4 package in Ethereal?
> For example: I want to see three-way handshake and
> especially virtual connections between two
> hosts (established connections).

Well, the layers are, as I remember:

    1 - physical link layer
    2 - logical link layer
    3 - network layer
    4 - transport layer
    5 - session layer
    6 - presentation layer
    7 - application layer

so you mean "how can I see transport layer packets in Ethereal?"

If the transport layer is TCP, the way you see them is that you load a
capture containing those packets in Ethereal, or you capture traffic
with them in Ethereal. There's nothing special that needs to be done to
see the TCP 3-way handshake, other than having the SYN, SYN+ACK, and ACK
in the capture file.

Ethereal can also dissect the OSI transport protocol when it runs atop
the connectionless network protocol. It will recognize packets running
atop CLNP as COTP or CLTP if either

    1) COTP or CLTP is running atop the "inactive subset" of CLNP

or

    2) the last byte of the destination CLNP address is the value specified
       as the "NSAP selector for Transport Protocol" preference for CLNP

or

    3) the "Always try to decode NSDU as transport PDUs" preference for
       CLNP is set.

If you're thinking of some other transport layer protocol, *and* what
you mean by "how can I see" is "Ethereal's not showing it to me when I
capture traffic that contains that protocol or give it a capture file
that contains that protocol; what do I need to do to fix this?", you'd
need to tell us what particular transport layer protocol that is (and
what protocols it's running on top of).
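
The TCP case described above (a connection shows as established only when the SYN, SYN+ACK and ACK are all in the capture), as an added example that is not part of the original message and is not Ethereal's code. The helper names, addresses, ports and sequence numbers are constructed for illustration, and the frames are assumed to be Ethernet II carrying IPv4.

```python
import struct

SYN, RST, ACK = 0x02, 0x04, 0x10

def frame(src, dst, sport, dport, seq, ack, flags):
    """Build a constructed Ethernet/IPv4/TCP frame (checksums left at zero)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes(src), bytes(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def parse_tcp(pkt):
    """Return (src, dst, sport, dport, seq, ack, flags), or None if not IPv4/TCP."""
    if len(pkt) < 34 or pkt[12:14] != b"\x08\x00" or pkt[23] != 6:
        return None
    t = 14 + (pkt[14] & 0x0F) * 4          # TCP header starts after the IP header
    if len(pkt) < t + 20:
        return None
    sport, dport, seq, ack = struct.unpack("!HHII", pkt[t:t + 12])
    return pkt[26:30], pkt[30:34], sport, dport, seq, ack, pkt[t + 13]

def established(packets):
    """List (client, cport, server, sport) for each completed 3-way handshake."""
    syn, synack, done = {}, {}, []
    for pkt in packets:
        p = parse_tcp(pkt)
        if p is None:
            continue
        src, dst, sp, dp, seq, ack, fl = p
        fwd, rev = (src, sp, dst, dp), (dst, dp, src, sp)
        kind = fl & (SYN | RST | ACK)
        if kind == SYN:                                    # step 1: client SYN
            syn[fwd] = seq
        elif kind == (SYN | ACK) and rev in syn and ack == (syn[rev] + 1) % 2**32:
            synack[rev] = seq                              # step 2: server SYN+ACK
        elif kind == ACK and fwd in synack and ack == (synack[fwd] + 1) % 2**32:
            del synack[fwd], syn[fwd]                      # step 3: client ACK
            done.append((".".join(map(str, src)), sp, ".".join(map(str, dst)), dp))
    return done

# Constructed sample capture: one full handshake and one SYN that is never answered.
C, S = (10, 0, 0, 1), (10, 0, 0, 2)
SAMPLE = [
    frame(C, S, 40000, 80, 1000, 0, SYN),
    frame(S, C, 80, 40000, 5000, 1001, SYN | ACK),
    frame(C, S, 40000, 80, 1001, 5001, ACK),
    frame(C, S, 40001, 81, 7000, 0, SYN),
]
```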