Package: tcpdump
Version: 3.9.3-2
Severity: normal

When trying to read some Raw IP PCAP files, captured using ulogd daemon netfilter feature, no content is shown when a BPF filter is applied:

[EMAIL PROTECTED] file ulogd.eth0.pcap
ulogd.eth0.pcap: tcpdump capture file (little-endian) - version 2.4 (raw IP, capture length 65536)
[EMAIL PROTECTED] ls -las ulogd.eth0.pcap
3616 -r-xr-xr-x 1 cfragoso cfragoso 3694698 2003-08-08 07:36 ulogd.eth0.pcap
[EMAIL PROTECTED] /usr/sbin/tcpdump -nnr | head -4 ulogd.eth0.pcap tcp
reading from file ulogd.eth0.pcap, link-type RAW (Raw IP)
[EMAIL PROTECTED]

No BPF filter shows contents without any problem:

[EMAIL PROTECTED] /usr/sbin/tcpdump -nnr ulogd.eth0.pcap | head -4
reading from file ulogd.eth0.pcap, link-type RAW (Raw IP)
11:10:14.271131 IP 192.168.103.2.3015 > 192.168.102.2.80: S 498274871:498274871(0) win 16384 <mss 1460,nop,nop,sackOK>
11:10:14.272308 IP 192.168.102.2.80 > 192.168.103.2.3015: S 2763422466:2763422466(0) ack 498274872 win 5840 <mss 1460,nop,nop,sackOK>
11:10:14.272880 IP 192.168.103.2.3015 > 192.168.102.2.80: . ack 1 win 17520
11:10:14.386299 IP 192.168.103.2.3015 > 192.168.102.2.80: P 1:77(76) ack 1 win 17520
[EMAIL PROTECTED]

It seems to work OK from a tcpdump compiled from most recent tcpdump source code:

[EMAIL PROTECTED]/tcpdump-2005.08.08$ ./tcpdump -nnr ../ulogd.eth0.pcap tcp | head -4
reading from file ../ulogd.eth0.pcap, link-type RAW (Raw IP)
11:10:14.271131 IP 192.168.103.2.3015 > 192.168.102.2.80: S 498274871:498274871(0) win 16384 <mss 1460,nop,nop,sackOK>
11:10:14.272308 IP 192.168.102.2.80 > 192.168.103.2.3015: S 2763422466:2763422466(0) ack 498274872 win 5840 <mss 1460,nop,nop,sackOK>
11:10:14.272880 IP 192.168.103.2.3015 > 192.168.102.2.80: . ack 1 win 17520
11:10:14.386299 IP 192.168.103.2.3015 > 192.168.102.2.80: P 1:77(76) ack 1 win 17520
[EMAIL PROTECTED]

Regards,

-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.8-2-386
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

Versions of packages tcpdump depends on:
ii  libc6        2.3.2.ds1-22  GNU C Library: Shared libraries an
ii  libpcap0.8   0.9.3-1       System interface for user-level pa
ii  libssl0.9.7  0.9.7e-3      SSL shared libraries

tcpdump recommends no packages.

-- no debconf information
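A way to check the behaviour reported above without the original capture, as an added example that is not part of the bug report or of tcpdump: it builds a constructed little-endian pcap 2.4 file with a raw IP link type, reads the header fields that `file` printed, and counts the packets the `tcp` filter is expected to match on raw IPv4. The function names, the sample packets and the use of link-type value 101 (LINKTYPE_RAW) are assumptions of this example; the report does not say which value ulogd wrote.

```python
import struct

LINKTYPE_RAW = 101  # raw IP link-type value in pcap file headers (assumed here)

def ipv4(proto, src, dst, payload=b""):
    """Constructed IPv4 header (checksum left at 0) followed by payload."""
    total = 20 + len(payload)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, proto, 0,
                       bytes(src), bytes(dst)) + payload

def build_pcap(packets, linktype=LINKTYPE_RAW, snaplen=65536):
    """Little-endian pcap 2.4 file; packets start at the IP header."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, linktype)
    for i, pkt in enumerate(packets):
        out += struct.pack("<IIII", 1060000000 + i, 0, len(pkt), len(pkt)) + pkt
    return out

def read_pcap(data):
    """Return (header dict, list of packet bytes); handles both byte orders."""
    magic = data[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        end = "<"
    elif magic == b"\xa1\xb2\xc3\xd4":
        end = ">"
    else:
        raise ValueError("not a classic pcap file")
    major, minor, _, _, snaplen, linktype = struct.unpack(end + "HHiIII", data[4:24])
    hdr = {"endian": end, "version": (major, minor),
           "snaplen": snaplen, "linktype": linktype}
    pkts, off = [], 24
    while off + 16 <= len(data):
        _, _, caplen, _ = struct.unpack(end + "IIII", data[off:off + 16])
        pkts.append(data[off + 16:off + 16 + caplen])
        off += 16 + caplen
    return hdr, pkts

def matches_tcp(pkt):
    """Meaning of the filter 'tcp' on raw IPv4: protocol byte at offset 9 is 6."""
    return len(pkt) >= 20 and pkt[0] >> 4 == 4 and pkt[9] == 6

# Constructed sample: one TCP and one UDP packet between the hosts in the report.
SAMPLE = build_pcap([
    ipv4(6, [192, 168, 103, 2], [192, 168, 102, 2], b"\x00" * 20),
    ipv4(17, [192, 168, 103, 2], [192, 168, 102, 2], b"\x00" * 8),
])

if __name__ == "__main__":
    hdr, pkts = read_pcap(SAMPLE)
    print(hdr, sum(matches_tcp(p) for p in pkts), "of", len(pkts), "match tcp")
```

Writing `SAMPLE` to a file and running `tcpdump -nnr` on it with and without the `tcp` expression gives a count to compare against the one printed here.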