Results 1 to 3 of 3
Hey guys, I don't have a computer network so I can't try this out but I was just wondering how would the ethereal results differ from using ping with the ...
- 11-27-2006 #1Just Joined!
- Join Date
- Oct 2006
- Posts
- 8
Ethereal packet question
Hey guys, I don't have a computer network so I can't try this out but I was just wondering how would the ethereal results differ from using ping with the default packet size to using ping after setting the packet size to 40000 bytes?
Thanks for any advice
- 11-28-2006 #2Linux Engineer
- Join Date
- Nov 2004
- Location
- Montreal, Canada
- Posts
- 1,267
As far as I know, using a simple ping command wouldnt change anything.
ethereal would be a lot more usefull for reading sniffed packets.\"Meditative mind\'s is like a vast ocean... whatever strikes the surface, the bottom stays calm\" - Dalai Lama
\"Competition ultimatly comes down to one thing... a loser and a winner.\" - Ugo Deschamps
- 11-28-2006 #3Linux Guru
- Join Date
- Mar 2005
- Location
- Texas
- Posts
- 1,692
Caveat: I'm answering this for tcpdump, since I only use ethereal * to view tcpdump captures. I think it's accurate but you will want to investigate. There's almost certainly something directly analogous in ethereal.
In tcpdump by default it snarfs only the first 68 bytes of the packet. So if you made a larger ICMP echo request packet, it would not make any difference by default. But if you are snarfing the full packet then I'd imagine you will simply create larger output data because the packet is larger.
Make sense?
* P.S. Wireshark is the new ethereal! The whole former ethereal development team is there now.
http://www.wireshark.org/
Same developers, same code, different name. The Ethereal network protocol analyzer has changed its name to Wireshark.
Reply With Quote 
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
