ed <[EMAIL PROTECTED]> wrote: > Thats good, thanks, I thought tcpdump was IP layer only, because of > the name.
While tcpdump is not IP layer only, pf is. So you will not be able to see ARP packets or ethernet addresses when reading pflog. Can > On Tue, 13 Sep 2005 14:38:09 +0300 > Huzeyfe Onal <[EMAIL PROTECTED]> wrote: > > > try #tcpdump arp to see only arp packages. > > wants to get link-level header? Add -e option.. > > > > > > 2005/9/12, ed <[EMAIL PROTECTED]>: > > > On Mon, 12 Sep 2005 13:26:19 -0400 > > > "Will H. Backman" <[EMAIL PROTECTED]> wrote: > > > > > > > > > > > > > This has most of the data that I need, but it seems to be > > > > > missing one thing > > > > > that I think is important. How can I determine if the traffic is > > > > > TCP/UDP/ICMP etc? > > > > > > > > > If you have ack and window flags, then it is TCP, not UDP. > > > > > > What should I use to see packets at the ethernet level, such as ARP? > > -- > http://edd.link9.net - http://irc.is-cool.net
