Results 1 to 3 of 3
Hey guys, I don't have a computer network so I can't try this out but I was just wondering how would the ethereal results differ from using ping with the ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
- 11-27-2006 #1
- Join Date
- Oct 2006
Ethereal packet question
Hey guys, I don't have a computer network so I can't try this out but I was just wondering how would the ethereal results differ from using ping with the default packet size to using ping after setting the packet size to 40000 bytes?
Thanks for any advice
- 11-28-2006 #2
- Join Date
- Nov 2004
- Montreal, Canada
As far as I know, using a simple ping command wouldnt change anything.
ethereal would be a lot more usefull for reading sniffed packets.\"Meditative mind\'s is like a vast ocean... whatever strikes the surface, the bottom stays calm\" - Dalai Lama
\"Competition ultimatly comes down to one thing... a loser and a winner.\" - Ugo Deschamps
- 11-28-2006 #3
Caveat: I'm answering this for tcpdump, since I only use ethereal * to view tcpdump captures. I think it's accurate but you will want to investigate. There's almost certainly something directly analogous in ethereal.
In tcpdump by default it snarfs only the first 68 bytes of the packet. So if you made a larger ICMP echo request packet, it would not make any difference by default. But if you are snarfing the full packet then I'd imagine you will simply create larger output data because the packet is larger.
* P.S. Wireshark is the new ethereal! The whole former ethereal development team is there now.
Same developers, same code, different name. The Ethereal network protocol analyzer has changed its name to Wireshark.