Ethereal-users: Re: [Ethereal-users] Layer 3+ and Layer 2 stuff also

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Guy Harris" <gharris@xxxxxxxxx>
Date: Thu, 26 Aug 2004 19:03:09 -0700 (PDT)

Phani Achanta said:
> how to pull both layer 2 and layer 3+ information on a sniff. It seems
> that when we just do a tethereal -i eth0 that we just get the normal
> layer3+ stuff.

"eth0" is presumably a Linux Ethernet device; if you capture on that,
tcpdump, Tethereal, Ethereal, and so on will get packets that include the
Ethernet header, i.e. the level 2 header.

However, tcpdump and Tethereal won't, by default, *print* that information
- they only print the top-level packet information.  Tcpdump will also
print link-layer information if given the "-e" flag; Tethereal doesn't
have a flag that'll print the link-layer information on the same line,
like tcpdump's "-e" flag, but if run with the "-V" flag it'll print out
*all* the layers.

Tcpdump and Tethereal will, of course, save all the packet data - in
binary (non-printable) form, which can be later read by tcpdump or
Tethereal or Ethereal - if run with the "-w" flag.
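
The message's point that a capture saved with "-w" holds the Ethernet header, even when the one-line output does not print it, can be checked by reading the file directly. This is an added example, not part of the original message; it assumes the classic libpcap file layout with link type 1 (Ethernet), and the sample capture bytes are constructed.

```python
import struct

LINKTYPE_ETHERNET = 1  # link-layer type value for Ethernet in the pcap file header

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def read_link_layer(pcap_bytes):
    """Return [(dst_mac, src_mac, ethertype, payload)] for a classic pcap file."""
    magic = pcap_bytes[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        endian = "<"          # written on a little-endian host
    elif magic == b"\xa1\xb2\xc3\xd4":
        endian = ">"          # written on a big-endian host
    else:
        raise ValueError("not a classic libpcap capture file")
    if len(pcap_bytes) < 24:
        raise ValueError("truncated file header")
    # version major/minor, thiszone, sigfigs, snaplen, link type
    *_, linktype = struct.unpack(endian + "HHiIII", pcap_bytes[4:24])
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError(f"link type {linktype} is not Ethernet")
    frames, off = [], 24
    while off + 16 <= len(pcap_bytes):
        _sec, _usec, incl_len, _orig_len = struct.unpack_from(endian + "IIII", pcap_bytes, off)
        frame = pcap_bytes[off + 16 : off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 14:   # too short to hold an Ethernet header; skip it
            continue
        (ethertype,) = struct.unpack("!H", frame[12:14])
        frames.append((mac(frame[0:6]), mac(frame[6:12]), ethertype, frame[14:]))
    return frames

def build_sample():
    """Constructed one-packet capture: broadcast frame, EtherType 0x0806 (ARP), zeroed body."""
    frame = bytes.fromhex("ffffffffffff" "020000000001" "0806") + bytes(28)
    file_hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    rec_hdr = struct.pack("<IIII", 0, 0, len(frame), len(frame))
    return file_hdr + rec_hdr + frame

if __name__ == "__main__":
    for dst, src, ethertype, payload in read_link_layer(build_sample()):
        print(f"{src} > {dst}, ethertype 0x{ethertype:04x}, {len(payload)} payload bytes")
```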