|
Thanks for a response. It is UDP Multicast. -----Original Message----- On Behalf Of Guy Harris Sent: Wednesday, September
13, 2006 2:26 PM To: Ethereal user support;
Community support list for Wireshark Subject: Re:
[Ethereal-users] How does Ethereal interact with Fedora Core? ------------------- Michael Cobb wrote: > Can anyone explain to
me how Wireshark relates to Fedora? The same way Wireshark
relates to it (see the above note). This discussion should probably be
continued on the wireshark-users mailing list; I'm sending this to that list as
well. > At what OS > level is displaying a
capture from? I’m not a developer, but need to > be certain that packets
displayed by Ethereal are indeed being > presented from the OS
to an application that is running. Wireshark (and Ethereal)
capture traffic using the libpcap library; on Linux, that works by opening a
"PF_PACKET socket", from which it receives the packets. Packets delivered to a
PF_PACKET socket aren't necessarily delivered to some other socket; they might
be delivered to a networking protocol such as TCP or UDP, but that won't
necessarily deliver them to a socket. > I am currently sniffing
and seeing the packets in Wireshark. However > the developer of the
application has inserted debugging code to > display when it
receives those packets, but it does not acknowledge > receiving them. I need
to determine if this means the problem is OS > related or application
related. It's *probably*
application-related. Are the packets TCP, UDP, or some other protocol? Does
the application have a socket open to receive those packets? |
_______________________________________________ Wireshark-users mailing list [email protected] http://www.wireshark.org/mailman/listinfo/wireshark-users
