From owner-freebsd-questions Fri Oct 10 16:45:42 1997
Return-Path:
Received: (from root@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id QAA18214
          for questions-outgoing; Fri, 10 Oct 1997 16:45:42 -0700 (PDT)
          (envelope-from owner-freebsd-questions)
Received: from freebie.lemis.com (gregl1.lnk.telstra.net [139.130.136.133])
          by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id QAA18208
          for ; Fri, 10 Oct 1997 16:45:37 -0700 (PDT)
          (envelope-from grog@freebie.lemis.com)
Received: (from grog@localhost)
          by freebie.lemis.com (8.8.7/8.8.5) id JAA10604;
          Sat, 11 Oct 1997 09:15:29 +0930 (CST)
Message-ID: <19971011091528.45066@lemis.com>
Date: Sat, 11 Oct 1997 09:15:28 +0930
From: Greg Lehey
To: Mark Tinguely
Cc: joe@via.net, questions@FreeBSD.ORG
Subject: Re: tcpdump
References: <199710101404.JAA26051@plains.NoDak.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.84e
In-Reply-To: <199710101404.JAA26051@plains.NoDak.edu>; from Mark Tinguely on Fri, Oct 10, 1997 at 09:04:47AM -0500
Organisation: LEMIS, PO Box 460, Echunga SA 5153, Australia
Phone: +61-8-8388-8250
Fax: +61-8-8388-8250
Mobile: +61-41-739-7062
WWW-Home-Page: http://www.lemis.com/~grog
Fight-Spam-Now: http://www.cauce.org
Sender: owner-freebsd-questions@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

On Fri, Oct 10, 1997 at 09:04:47AM -0500, Mark Tinguely wrote:
>
>> In fact, unless you ask for link-level headers with the -e option,
>> you'll just get the IP datagram if it *is* IP.
>
> I meant to say that the Berkeley Packet Filter/tcpdump works on the
> whole ethernet frame. The TCP part of the tcpdump name, may give the
> impression that it only can work on the TCP or IP level.

The name appears to be misleading. In fact, it will work on the
entire frame, even if it's not IP.

> The BPF/tcpdump is even generic enough that we have made very small
> modifications to make it filter/display ATM information.

There you go. But if you've gone that deep, I'm surprised that you're
asking this question. Have I missed something?

Greg