From owner-freebsd-questions Fri Oct 10 07:05:10 1997
Return-Path:
Received: (from root@localhost)
	by hub.freebsd.org (8.8.7/8.8.7) id HAA15262
	for questions-outgoing; Fri, 10 Oct 1997 07:05:10 -0700 (PDT)
	(envelope-from owner-freebsd-questions)
Received: from plains.NoDak.edu (tinguely@plains.NoDak.edu [134.129.111.64])
	by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id HAA15246
	for ; Fri, 10 Oct 1997 07:05:01 -0700 (PDT)
	(envelope-from tinguely@plains.NoDak.edu)
Received: (from tinguely@localhost)
	by plains.NoDak.edu (8.8.5/8.8.5) id JAA26051;
	Fri, 10 Oct 1997 09:04:47 -0500 (CDT)
Date: Fri, 10 Oct 1997 09:04:47 -0500 (CDT)
From: Mark Tinguely
Message-Id: <199710101404.JAA26051@plains.NoDak.edu>
To: grog@lemis.com, tinguely@plains.NoDak.edu
Subject: Re: tcpdump
Cc: joe@via.net, questions@FreeBSD.ORG
Sender: owner-freebsd-questions@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

> In fact, unless you ask for link-level headers with the -e option,
> you'll just get the IP datagram if it *is* IP.

I meant to say that the Berkeley Packet Filter/tcpdump works on the whole
Ethernet frame. The TCP part of the tcpdump name may give the impression
that it can only work on the TCP or IP level. The BPF/tcpdump is even generic
enough that we have made very small modifications to make it filter/display
ATM information.

--mark.
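
What filtering on the whole Ethernet frame looks like in practice, as an added example that is not part of the original message or of the BPF/tcpdump sources: a small interpreter for four classic BPF opcodes, run over two constructed frames. The names `insn`, `run_filter`, `f_tcp4` and the sample frames are assumptions made for illustration; the opcode values match `<net/bpf.h>`.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Classic BPF instruction layout; opcode values as in <net/bpf.h>. */
struct insn { uint16_t code; uint8_t jt, jf; uint32_t k; };
enum { LD_H_ABS = 0x28, LD_B_ABS = 0x30, JEQ_K = 0x15, RET_K = 0x06 };

/* Illustrative interpreter (not kernel code). Load offsets count from byte 0
 * of the frame, the Ethernet destination address. Returns bytes to keep. */
static uint32_t run_filter(const struct insn *pc, const uint8_t *pkt, size_t len)
{
    uint32_t a = 0;                       /* accumulator */
    for (;; pc++) {
        switch (pc->code) {
        case LD_H_ABS:                    /* 16-bit big-endian load */
            if ((size_t)pc->k + 2 > len) return 0;
            a = (uint32_t)pkt[pc->k] << 8 | pkt[pc->k + 1];
            break;
        case LD_B_ABS:                    /* 8-bit load */
            if ((size_t)pc->k + 1 > len) return 0;
            a = pkt[pc->k];
            break;
        case JEQ_K:                       /* relative jump on a == k */
            pc += (a == pc->k) ? pc->jt : pc->jf;
            break;
        case RET_K: return pc->k;
        default:    return 0;             /* unsupported opcode: drop */
        }
    }
}

/* "TCP over IPv4": EtherType at frame offset 12, IP protocol at offset 23. */
static const struct insn f_tcp4[] = {
    { LD_H_ABS, 0, 0, 12 }, { JEQ_K, 0, 3, 0x0800 },
    { LD_B_ABS, 0, 0, 23 }, { JEQ_K, 0, 1, 6 },
    { RET_K, 0, 0, 65535 }, { RET_K, 0, 0, 0 },
};
/* Constructed frames: IPv4/TCP (truncated after the IP header) and ARP. */
static const uint8_t tcp_frame[] = { 2,0,0,0,0,2, 2,0,0,0,0,1, 0x08,0x00,
    0x45,0,0,40, 0,0,0,0, 64,6,0,0, 192,0,2,1, 192,0,2,2 };
static const uint8_t arp_frame[] = { 255,255,255,255,255,255, 2,0,0,0,0,1,
    0x08,0x06, 0,1, 0x08,0x00, 6,4, 0,1 };

int main(void)
{
    printf("tcp frame: %u\n", (unsigned)run_filter(f_tcp4, tcp_frame, sizeof tcp_frame));
    printf("arp frame: %u\n", (unsigned)run_filter(f_tcp4, arp_frame, sizeof arp_frame));
    return 0;
}
```

Both filter decisions start at offset 12, inside the link-level header, so the filter sees the header even when tcpdump does not print it without `-e`.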