Michael,
See the attached file for a sample of IPv4 packets captured.
There are also libpcap issues here that need to be resolved. At present,
using any filter with a PPI device fails to match any packet that
doesn't have a DLT of DLT_IEEE802_11.
Darren
On 3/05/11 03:59 PM, Michael Richard
On May 5, 2011, at 11:07 AM, Darren Reed wrote:
> There are also libpcap issues here that need to be resolved. At present,
> using any filter with a PPI device fails to match any packet that doesn't
> have a DLT of DLT_IEEE802_11.
...which is one of the things wrong with PPI. pcap-ng makes th
On 5/05/11 11:16 AM, Guy Harris wrote:
On May 5, 2011, at 11:07 AM, Darren Reed wrote:
There are also libpcap issues here that need to be resolved. At present, using
any filter with a PPI device fails to match any packet that doesn't have a DLT
of DLT_IEEE802_11.
...which is one o
On May 5, 2011, at 11:28 AM, Darren Reed wrote:
> I see - you're concerned about how do you make "tcpdump icmp" work when the
> link type is PPI (or pcap-ng)
Presumably meaning "when the link type is PPI or when the file is a pcap-ng
file" (pcap-ng isn't a link type, it's a file format).
> an
Hi.
I am looking to setup a kind of a sniffer manager in C that is cross
platform (Windows, Linux). I have everything working in both platforms,
with the exception of one thing - the main sniffing loop. So far, the code
I have used is nothing that I haven't already seen online in various places.
On May 5, 2011, at 8:29 AM, Jeff Garrett wrote:
> I want to be able to return from Step 2 and say "yes, sniffing was started
> successfully" or "no there was an error". I also want the sniffing to occur
> infinitely, or until I say stop (via pcap_breakloop() function).
> In addition, I want to b
On 5/05/11 11:35 AM, Guy Harris wrote:
On May 5, 2011, at 11:28 AM, Darren Reed wrote:
I see - you're concerned about how do you make "tcpdump icmp" work when the
link type is PPI (or pcap-ng)
Presumably meaning "when the link type is PPI or when the file is a pcap-ng
file" (pcap-
On May 5, 2011, at 1:38 PM, Darren Reed wrote:
> In terms of pcap, I'm becoming more and more of the opinion that DLT_PPI
> should not be used for anything other than DLT_IEEE802_11.
Sounds good to me.
> Why am I not very interested in pcap-ng?
> "The pcapng file format specification is still
On 5/05/11 01:42 PM, Guy Harris wrote:
On May 5, 2011, at 1:38 PM, Darren Reed wrote:
In terms of pcap, I'm becoming more and more of the opinion that DLT_PPI should
not be used for anything other than DLT_IEEE802_11.
Sounds good to me.
Why am I not very interested in pcap-ng
I would just perform the capture in a separate thread.
Have a nice day
GV
-Original Message-
From: tcpdump-workers-ow...@lists.tcpdump.org
[mailto:tcpdump-workers-ow...@lists.tcpdump.org] On Behalf Of Jeff Garrett
Sent: Thursday, May 05, 2011 8:30 AM
To: tcpdump-workers@lists.tcpdump.org
On May 5, 2011, at 2:45 PM, Darren Reed wrote:
> Looking through it, the first observation I'd make is that there should not
> have been any 16 bit fields. The one that concerns me most is the IDB which
> has a 16bit link type.
We could add an "enhanced IDB" with a 32-bit LinkType field.
> On
On May 5, 2011, at 4:54 PM, Guy Harris wrote:
> On May 5, 2011, at 2:45 PM, Darren Reed wrote:
>
>> Looking through it, the first observation I'd make is that there should not
>> have been any 16 bit fields. The one that concerns me most is the IDB which
>> has a 16bit link type.
>
> We could
On 5/05/11 05:09 PM, Guy Harris wrote:
On May 5, 2011, at 4:54 PM, Guy Harris wrote:
On May 5, 2011, at 2:45 PM, Darren Reed wrote:
Looking through it, the first observation I'd make is that there should not
have been any 16 bit fields. The one that concerns me most is the IDB whi
On May 5, 2011, at 5:20 PM, Darren Reed wrote:
> In the breakup where you were suggesting 10 bits that could be an
> organization ID, reserve "0" for the publicly recognised set
That's already done (implicitly, by virtue of those bits being 0 in existing
LINKTYPE_ values, and explicitly as wel
14 matches
Mail list logo
