Find the answer to your Linux question:
Results 1 to 3 of 3
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1

    Ethereal packet question

    Hey guys, I don't have a computer network so I can't try this out but I was just wondering how would the ethereal results differ from using ping with the default packet size to using ping after setting the packet size to 40000 bytes?

    Thanks for any advice

  2. #2
    Linux Engineer
    Join Date
    Nov 2004
    Montreal, Canada
    As far as I know, using a simple ping command wouldnt change anything.
    ethereal would be a lot more usefull for reading sniffed packets.
    \"Meditative mind\'s is like a vast ocean... whatever strikes the surface, the bottom stays calm\" - Dalai Lama
    \"Competition ultimatly comes down to one thing... a loser and a winner.\" - Ugo Deschamps

  3. #3
    Linux Guru anomie's Avatar
    Join Date
    Mar 2005
    Caveat: I'm answering this for tcpdump, since I only use ethereal * to view tcpdump captures. I think it's accurate but you will want to investigate. There's almost certainly something directly analogous in ethereal.

    In tcpdump by default it snarfs only the first 68 bytes of the packet. So if you made a larger ICMP echo request packet, it would not make any difference by default. But if you are snarfing the full packet then I'd imagine you will simply create larger output data because the packet is larger.

    Make sense?

    * P.S. Wireshark is the new ethereal! The whole former ethereal development team is there now.

    Same developers, same code, different name. The Ethereal network protocol analyzer has changed its name to Wireshark.


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts