Ethereal-users: Re: [Ethereal-users] Layer 3+ and Layer 2 stuff also

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: Jerry Talkington <jtalkington@xxxxxxxxxxxxxxxxxxxxx>
Date: Thu, 26 Aug 2004 18:56:27 -0700
On Thu, Aug 26, 2004 at 08:50:54PM -0500, Justin Walker wrote:
> 
> On Aug 26, 2004, at 20:02, Phani Achanta wrote:
> 
> >how to pull both layer 2 and layer 3+ information on a sniff. It seems
> >that when we just do a tethereal ?i eth0 that we just get the normal
> >layer3+ stuff.
> 
> I'm not sure what you mean by this.  Ethereal displays what libpcap 
> captures, which generally includes the entire frame as received by the 
> MAC driver.  For some media, there will be problems (due generally to 
> the device handler) in getting very low-level datagrams (e.g., those 
> generated in a wireless network to maintain the fabric).

For both tethereal and tcpdump, the size of the packets are limited
unless you specify -s 0 to remove the limit of the snapshot length:

 -s  Set the default snapshot length to use when capturing live data.
     No more than snaplen bytes of each network packet will be read into
     memory, or saved to disk.


-- 
GPG public key:
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x9D5B8762