LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Networking (https://www.linuxquestions.org/questions/linux-networking-3/)
-   -   Decoding frames with Ettereal (https://www.linuxquestions.org/questions/linux-networking-3/decoding-frames-with-ettereal-353366/)

juanb 08-15-2005 03:37 AM
Decoding frames with Ettereal
 
Hi,

I captured some data with Ethereal, what is the meaning of decoding a packet ?

thanks very much !

Juan

aznluvsmc 08-15-2005 08:50 PM
I think you mean analyzing a packet. What you're doing is just looking at the options and values for a specific packet. If you have a lot of knowledge about TCP/IP you can probably deduce quite a bit of info.

For example the Linux TCP/IP stack by default uses a TTL value of 64. So if you look at the TTL value of a packet and it is below 64 it is safe to assume it was sent from a Linux box. Windows systems use a TTL of 128. Going through more than 64 hops is highly unlikely so this is a reasonably safe assumption.


All times are GMT -5. The time now is 02:12 AM.