Wireshark-users: Re: [Wireshark-users] [Ethereal-users] How does Ethereal interact with Fedora Co
From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Wed, 13 Sep 2006 11:26:14 -0700
Michael Cobb wrote:

> -------------------
> The Ethereal project is being continued at a new site.  Please go to
> http://www.wireshark.org and subscribe to wireshark-users@xxxxxxxxxxxxx.
> Don't forget to unsubscribe from this list at
> http://www.ethereal.com/mailman/listinfo/ethereal-users
> -------------------
>
> Can anyone explain to me how Ethereal relates to Fedora?

The same way Wireshark relates to it (see the above note). This discussion should probably be continued on the wireshark-users mailing list; I'm sending this to that list as well.

> At what OS level is displaying a capture from? I’m not a developer, but need to be certain that packets displayed by Ethereal are indeed being presented from the OS to an application that is running.

Wireshark (and Ethereal) capture traffic using the libpcap library; on Linux, that works by opening a "PF_PACKET socket", from which it receives the packets.

Packets delivered to a PF_PACKET socket aren't necessarily delivered to some other socket; they might be delivered to a networking protocol such as TCP or UDP, but that won't necessarily deliver them to a socket.

> I am currently sniffing and seeing the packets in Ethereal. However the developer of the application has inserted debugging code to display when it receives those packets, but it does not acknowledge receiving them. I need to determine if this means the problem is OS related or application related.

It's *probably* application-related. Are the packets TCP, UDP, or some other protocol? Does the application have a socket open to receive those packets?
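
An added example, not part of the original message: one way to answer the last question for UDP on Linux is to look in the kernel's `/proc/net/udp` table for a socket bound to the destination port. The sample table, addresses and the function names `parse_udp_table` and `diagnose` are constructed for illustration, and the address decoding assumes a little-endian host such as x86.

```python
import socket
import struct

# Constructed sample in the /proc/net/udp layout (not taken from the thread).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
  101: 00000000:1389 00000000:0000 07 00000000:00000000 00:00000000 00000000  1000        0 23456 2 0000000000000000 0
  202: 0100007F:0035 00000000:0000 07 00000000:00000300 00:00000000 00000000     0        0 34567 2 0000000000000000 17
"""

def parse_udp_table(text):
    """Return one dict per socket row of a /proc/net/udp style table."""
    rows = []
    for line in text.splitlines()[1:]:          # skip the header line
        f = line.split()
        if len(f) < 13:
            continue
        ip_hex, port_hex = f[1].split(":")
        # Assumption: little-endian host, so the hex word is byte-swapped.
        ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
        rows.append({
            "ip": ip,
            "port": int(port_hex, 16),
            "rx_queue": int(f[4].split(":")[1], 16),  # bytes waiting unread
            "inode": int(f[9]),
            "drops": int(f[12]),                      # datagrams discarded
        })
    return rows

def diagnose(rows, dst_ip, dst_port):
    """Say whether a datagram to dst_ip:dst_port has a socket to land in."""
    hits = [r for r in rows
            if r["port"] == dst_port and r["ip"] in ("0.0.0.0", dst_ip)]
    if not hits:
        # A capture still shows the packet: the PF_PACKET socket gets its
        # copy whether or not any UDP socket exists for it.
        return "no-socket"
    if any(r["drops"] or r["rx_queue"] for r in hits):
        return "socket-not-draining"   # bound, but the application lags
    return "socket-bound"

if __name__ == "__main__":
    try:
        with open("/proc/net/udp") as fh:
            table = fh.read()
    except OSError:
        table = SAMPLE                 # fall back to the constructed sample
    for row in parse_udp_table(table):
        print(row)
```

A `no-socket` result for the port seen in the capture points at the application (nothing bound, or bound to a different address), while `socket-not-draining` means the kernel delivered datagrams that the application did not read in time.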