Hi all,
I work on Debian 8, with linux version 3.16.0-4-amd64, libpcap.1.8.1,
gcc-4.9.2
I write a little program in C langage which reads a pcap file, apply
filter, and write the result into a new pcap file.
The problem: all filters do not work (I use capture filters and not display
filters).
the
> the first filter: *tcp port 80 and host 192.168.10.11* do not work whereas the
> second: *vlan 254*, *vlan 255*, etc. work fine. My traffic contains vlan
> 254, tcp, udp, port 80, port 443 and many ip address including
> 192.168.10.11. But when I apply the first one, the pcap result file
> contai
I am working on an application that requires to store packets in PCAPNG
format. My understanding is that there isn't support for saving packets in
PCAPNG format in the current code base. I have noticed that Apple has
created an API in its custom version of libpcap (latest version can be
viewed at h
On Dec 6, 2016, at 10:15 AM, Martin Dubuc wrote:
> I am working on an application that requires to store packets in PCAPNG
> format. My understanding is that there isn't support for saving packets in
> PCAPNG format in the current code base. I have noticed that Apple has
> created an API in its c
Has there been any discussions with folks from Apple that worked on the
PCAPNG API to donate there code to tcpdump project? I am sure many
(including Apple) would benefit from single source for this code as far as
maintenance is concerned.
Martin
On Tue, Dec 6, 2016 at 1:32 PM, Guy Harris wrote:
On Dec 6, 2016, at 11:05 AM, Martin Dubuc wrote:
> Has there been any discussions with folks from Apple that worked on the
> PCAPNG API to donate there code to tcpdump project? I am sure many (including
> Apple) would benefit from single source for this code as far as maintenance
> is concerne
On Nov 30, 2016, at 4:14 AM, ikuzar RABE wrote:
> I work on Debian 8, with linux version 3.16.0-4-amd64, libpcap.1.8.1,
> gcc-4.9.2
> I write a little program in C langage which reads a pcap file, apply
> filter, and write the result into a new pcap file.
>
> The problem: all filters do not work
Hi all,
I have a problem about reading circular ringbuf pcap records.
There is a pcap file which stores last X seconds of packets. And with each
X seconds of a period, a new pcap file is created.
I can successfully read the initial pcap file for X seconds with "tail -n+o
-F | tcpdump -r - -nn".
On Dec 6, 2016, at 10:12 PM, Tugrul Erdogan wrote:
> There is a pcap file which stores last X seconds of packets. And with each
> X seconds of a period, a new pcap file is created.
>
> I can successfully read the initial pcap file for X seconds with "tail -n+o
> -F | tcpdump -r - -nn".
To quo
