THanks for the help,
I've been using :
tcpdump
tcpdump -X -l
tcpdump -X -w (and reading in ethereal on Windows)
tcpdump -l -X -vvv
and the same for ethereal,
All I'm getting back is:
tcpdump -X -vvv:
11:44:22.301506 40:0:40:6:fa:23 45:10:2:40:ca:66 a90a 576:
0x0000 fd99 a90a 246f 0016 0523 2a1d 4f6e 8eb5
0x0010 78d1 5010 2180 2b09 0000 d3a4 458d 8d6b
0x0020 62fb b44c eddb 1ee3 ab7a fddf 426d 1689
0x0030 8d9a 0a6c fe34 12cc 8b03 fdf8 ebb9 c004
0x0040 91b7 8f0d e241 6829 faa8 10f1 4779 a3b8
0x0050 1b17 ..
ethereal -X -V:
Frame 106 (576 on wire, 576 captured)
Arrival Time: Dec 10, 2003 11:45:19.6572
Time delta from previous packet: 0.000024 seconds
Time relative to first packet: 0.166040 seconds
Frame Number: 106
Packet Length: 576 bytes
Capture Length: 576 bytes
Ethernet II
Destination: 45:10:02:40:ca:fd (45:10:02:40:ca:fd)
Source: 40:00:40:06:f9:8c (40:00:40:06:f9:8c)
Type: Unknown (0xa90a)
Data (562 bytes)
0 fd99 a90a 246f 0016 0523 2a1e 4302 8eb5
10 7b15 5010 2180 2c47 0000 4714 e3d7 82e4
20 05c7 e3f3 159d cae4 c67d cd27 8c03 a6e8
30 5321 cbd3 bfe9 efbf 25c0 0b07 23c8 6e9b
40 5e47 4110 e932 a207 ed3b 4795 5c56 176f
50 eb22 56da 4522 a282 10cd 282c 7673 f0f6
60 ef75
180 88a5 da17 e596 a777 7eb2 28cc ca34 30b3
As you can see from the ethereal report, it's only an Ethernet 2 trace, I'd
like to look at layer 3 (IP, if memory serves). I can make my Intel traces
look like this, but only if I ask the tool to report back MACs, otherwise
it reports IPs by default.....
I also need to add that I'm running a hyper socket interface (hsi0) on a
Guest LAN under VM 4.3 (I think).
Any ideas? Thanks again for your help.....
Murray Butler
"I would point out that linked lists, mark-and-copy garbage
collection, and the Tab key are all patented too. Somebody
who always carefully checked first for software patents would
never write anything at all."
- Martin Pool, in the rsync FAQ
