kavita@xxxxxxxxxxxxx wrote:
1. On ppp0 interface, which traffic Ethereal listens. Whether it listens
traffic between data card/modem and socket or between modem and kernel or
traffic going or coming to data card.
It listens at whatever layer the underlying packet capture mechanism
libpcap/WinPcap uses listens, as Ethereal/Wireshark uses libpcap on UN*X
and WinPcap on Windows to capture traffic.
That means it listens to traffic received by the PPP code in the OS from
the networking layer above it and supplied by the PPP code in the OS to
the networking layer (i.e., you will *NOT* see RFC 1662-style escape bytes).
2. On ppp0 interface if we send ICMP packet of size greater than 7300
bytes from sender machine and if 100 packets of 7300 bytes are sent
through ping program , 7300 bytes are splitted into 5 fragments. Now in
Ethereal log on sender m/c I found that for the packet if all 5 fragments
of it are not sent then Ethereal has logged all the fragments till all the
fragments of that packet are sent successfully. Who is sending repeated
fragments till all the fragments are successfully sent
So the capture file shows some fragments being sent multiple times?
_______________________________________________
Ethereal-users mailing list
Ethereal-users@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-users