On Jan 8, 2007, at 10:30 PM, [EMAIL PROTECTED] wrote:
> Could anyone please explain how the above values produced such
> display ( version : 4 , header length : 24 , etc. ) in the wireshark
> gui.
Step 1: order a copy of
TCP/IP Illustrated, Volume 1
and read chapters 1, 2, and 3.
Step 2: armed with what you've learned from that book about the format
of Ethernet headers and IP headers, look at the first 14 bytes of data
in the packet (you'll now know how that produces the display you see
for the Ethernet data in the Wireshark GUI) and then look at the next
24 bytes of data after that (you'll now know how that produces the
display you see for the IP data in the Wireshark GUI).
_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-dev
