Is the approximation because of the fact that NIC card generarates interrupt
only after some number of packets arrive ?. Does device polling affect time
stamp ? At what stage of capture time stamping is done ?
On Sat, Jul 9, 2011 at 6:59 PM, Alokat wrote:
> On 07/09/11 21:56, Guy Harris wrote:
>
Just a general comment about patches:
- try not to include "configure" in your patch. From a developer
point of view, this is a generated file, and any patch it generally
big and irrelevant, and just confuses people reading your patch
for actual information.
--
] He who is t
> "Joerg" == Joerg Mayer writes:
Joerg> for the equipment to come back to do a real test... The
Joerg> patch can be downloaded from:
Joerg> http://www-agrw.informatik.uni-kl.de/home/jmayer/rpcap.v2.patch
Joerg> I'd really like to receive some feedback on this.
Up until some
On 07/10/11 00:53, Guy Harris wrote:
> On Jul 9, 2011, at 7:50 PM, Alokat wrote:
>
>> Just for sure:
>>
>> *Ethernet packet*
>>
>> means a layer 2 (OSI / ISO model) packet right?
> Yes.
> -
> This is the tcpdump-workers list.
> Visit https://cod.sandelman.ca/ to unsubscribe.
Thanks for the answer,
On 07/10/2011 05:10 PM, Alokat wrote:
> On 07/10/11 00:53, Guy Harris wrote:
>> On Jul 9, 2011, at 7:50 PM, Alokat wrote:
>>
>>> Just for sure:
>>>
>>> *Ethernet packet*
>>>
>>> means a layer 2 (OSI / ISO model) packet right?
>> Yes.
>> -
>> This is the tcpdump-workers list.
>> Visit https://cod.sa
On Sat, Jul 09, 2011 at 10:37:55PM -0400, Michael Richardson wrote:
> Just a general comment about patches:
> - try not to include "configure" in your patch. From a developer
> point of view, this is a generated file, and any patch it generally
> big and irrelevant, and just confuses peo
On Jul 10, 2011, at 9:16 AM, Jakub Zawadzki wrote:
> On Sat, Jul 09, 2011 at 10:37:55PM -0400, Michael Richardson wrote:
>> Just a general comment about patches:
>> - try not to include "configure" in your patch. From a developer
>>point of view, this is a generated file, and any patch it g
Hi,
On Sat, Jul 09, 2011 at 02:36:50PM +0200, Joerg Mayer wrote:
> I've created a patch that actually manages to build into an rpm on my
> opensuse system. Wireshark HEAD also detects rpcap support when buiding with
> cmake. Now all I have to do is wait for the equipment to come back to
> do a rea
Is there any way to use BPF filters directly from tcpdump, i.e., supply
tcpdump with a filter in BPF psuedo-machine format? I had a cursory
look at the code and couldn't find any obvious way to do this. What I'd
like to be able to do is supply a BPF filter in bpf_insn struct format, e.g.:
On Jul 10, 2011, at 11:07 AM, Geoffrey Sisson wrote:
> Is there any way to use BPF filters directly from tcpdump, i.e., supply
> tcpdump with a filter in BPF psuedo-machine format?
No, there isn't.
What are you trying to do? If it's a type of test that the filter language
doesn't support, the
Guy Harris wrote:
> What are you trying to do? If it's a type of test that the filter
> language doesn't support, the filter language should perhaps be extended
> to support it.
It's for walking through some variable-length fields, and involves
iteratively using values in the packet as offsets
On Jul 10, 2011, at 12:11 PM, Geoffrey Sisson wrote:
> It's for walking through some variable-length fields, and involves
> iteratively using values in the packet as offsets for successive loads.
...
> I don't think the filter language supports it,
The filter language is generally fair
On Jul 9, 2011, at 7:43 PM, Michael Richardson wrote:
> Up until somewhat recently, pcap methods were basically decided at
> compile time based upon the OS that one was on. There was little in the
> way of decisions in the code as to what was going to go on.
>
> We now have half-dozen methods o
Guy Harris wrote:
> What sort of variable-length fields are you processing?-
Labels in the wire representation of a domain name.
>From RFC 1035:
Domain names in messages are expressed in terms of a sequence
of labels. Each label is represented as a one octet length field
followed by
14 matches
Mail list logo
