Ethereal Network Analyser

Status
Not open for further replies.

Punker

Beta member
Messages
1
Hi,

I used Ethereal to analyse the packets on my network
and here is what I got:

Can someone explain to me what the red fields are for?

Thank you

Code:
Frame 1 (60 bytes on wire, 60 bytes captured)
    Arrival Time: May 23, 2003 19:07:19.926310000
    Time delta from previous packet: 0.000000000 seconds
    Time relative to first packet: 0.000000000 seconds
    Frame Number: 1
    Packet Length: 60 bytes
    Capture Length: 60 bytes
    File Offset: 40 (0x28)

IEEE 802.3 Ethernet 
[COLOR=red] 
    Destination: 00:00:1c:58:19:8a (00:00:1c:58:19:8a)
    Source: 00:05:5d:e6:0f:99 (00:05:5d:e6:0f:99)
    Length: 9
    Trailer: 00000000000000000000000000000000...
[/COLOR] 
Logical-Link Control
[COLOR=red] 
    DSAP: SNAP(0x54)
    IG Bit: Individual
    SSAP: SNAP(0x14)
    CR Bit: Command
    Control field: U, func = UI (0x03)
       
...
Logical-Link Control
    DSAP: Unknown (0x14)
    IG Bit: Individual
    SSAP: Unknown (0x54)
    CR Bit: Command
    Control field: U, func = UI (0x03)
        000. 00.. = Unnumbered Information
        .... ..11 = Unnumbered frame
     PID : CDD
[/color]
 
Certainly...packet analyzation is pretty fun stuff


Destination: 00:00:1c:58:19:8a (00:00:1c:58:19:8a)
Source: 00:05:5d:e6:0f:99 (00:05:5d:e6:0f:99)
Length: 9
Trailer: 00000000000000000000000000000000...

This is the MAC address of where the packets are going and the source is obviously where it is coming from. The length is a numerical length of the packet along with any trailer that was attached.


DSAP: SNAP(0x54)
IG Bit: Individual
SSAP: SNAP(0x14)
CR Bit: Command
Control field: U, func = UI (0x03)

Logical Link Control is part of the data link layer of the OSI model. Its function is to design packet frames and deal with flow control and error messaging. DSAP is the Destination Service access point. This is the destination computer's access point for message delivery (SSAP is Source service access point). SNAP (Subnetwork access protocol) basically describes how the packet should be encapsulated. The IG bit is a bit that describes what kind of packet this is intended for (IG is Individual/Group or sometimes referred to as Information Group) and it is destined for an individual. The CR Bit is telling you what kind of traffic it is. Is it a command or response, etc. Actually.....don't hold me to this, but I think CR stands for Command/Response....can't remember. The control field is telling you what kind of internal frame this is (U for Unnumbered, I for I frame and S for Supervisory). The function is the function of the frame within the control field (UI for Unnumbered Information).
The PID at the bottom of the second is the Profile ID.


Hopefully this helps ya out!

-Mike
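
As an added example (not part of the original posts, and not Ethereal's own code), here is a small Python decoder for the red fields in the dump above: the 802.3 header, the LLC DSAP/SSAP/control bytes, and the trailer. The function names are hypothetical, and the six data bytes in the sample are constructed because the dump does not show them; the addresses, length and LLC bytes are taken from the capture.

```python
import struct

def mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def parse_8023_llc(frame: bytes) -> dict:
    """Decode the 802.3 header and the LLC header that follows it."""
    if len(frame) < 17:
        raise ValueError("too short for 802.3 + LLC")
    dst, src, length = struct.unpack("!6s6sH", frame[:14])
    # Values up to 1500 are an 802.3 length; 0x0600 and above are Ethernet II
    # EtherTypes, and the range in between is undefined.
    if length > 1500:
        raise ValueError(f"not an 802.3 length field: 0x{length:04x}")
    if length < 3 or 14 + length > len(frame):
        raise ValueError("length field does not fit the captured frame")
    llc = frame[14:14 + length]
    dsap, ssap, ctrl = llc[0], llc[1], llc[2]
    # Low control bits pick the format: 11 = U (1 byte), x0 = I, 01 = S (2 bytes).
    if ctrl & 0x03 == 0x03:
        kind, hdr = "U", 3
    else:
        kind, hdr = ("S" if ctrl & 0x01 else "I"), 4
    if hdr > length:
        raise ValueError("LLC header longer than the length field allows")
    return {
        "dst": mac(dst), "src": mac(src), "length": length,
        "dsap": dsap, "ig": "Group" if dsap & 0x01 else "Individual",
        "ssap": ssap, "cr": "Response" if ssap & 0x01 else "Command",
        "frame_type": kind,
        # UI = U-format with all modifier bits clear (poll/final bit ignored)
        "func": "UI" if kind == "U" and ctrl & 0xEF == 0x03 else None,
        "data": llc[hdr:],               # payload counted by the length field
        "trailer": frame[14 + length:],  # bytes after the counted payload (padding)
    }

# Constructed 60-byte sample: header and LLC bytes from the dump above,
# six made-up data bytes, then zero padding as the trailer.
SAMPLE = (bytes.fromhex("00001c58198a" "00055de60f99" "0009" "541403")
          + bytes(range(1, 7)) + bytes(37))

if __name__ == "__main__":
    for key, value in parse_8023_llc(SAMPLE).items():
        print(f"{key:>10}: {value.hex() if isinstance(value, bytes) else value}")
```

The length field counts only the LLC header and its data (9 bytes here), so everything after that in the 60-byte frame is reported separately as the trailer.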
 