[syslinux] a Wireshark trace (without graphic environment)
Geert Stappers
stappers at stappers.nl
Fri Aug 7 01:29:59 PDT 2009
Op 20090806 om 23:00 schreef H. Peter Anvin:
> On 08/06/2009 08:01 PM, Sandeep Agarwal wrote:
> >
> > also i tired to strace the process, i don't know if i was doing it
> > correctly, but it showed that the file "vmlinuz" was opened but was
> > never read. So I did tried changing the ownership of the TFTP folder
> > (/tftpboot) to nobody and tried but the results where the same.
> >
>
> Again, a Wireshark trace to confirm would be good, but my guess is that
> the OACK packet gets sent but isn't received. Why that is is another
> issue entirely...
Previous in this thread was reported there is no graphic environment to
run the program Wireshark and tcpdump text output was provided.
Tcpdump can write to a packet capture file with the option -w
Example <screenshot>
# tcpdump -s0 -w filename.pcap ether host 00:00:1b:39:57:b4
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size
65535 bytes
^C14 packets captured
14 packets received by filter
0 packets dropped by kernel
</screenshot>
Addtional information:
-s0
snaplength, 0 meaning the complete packet (instead of 96 bytes)
-w filename.pcap
write to file, file format is libpcap
ether host 00:00:1b:39:57:b4
to get only packets from or to the MAC address of the boot client
^C
Control-C was pressed to stop network sniffing
Next step is putting filename.pcap somewhere online and publishing the URL.
Cheers
Geert Stappers
More information about the Syslinux
mailing list