Re: [tcpdump-workers] When using IPSec, tcpdump doesn't show outgoing packets
On Sun, Feb 13, 2011 at 7:45 PM, Kaushal Shriyan wrote:

> On Fri, Feb 11, 2011 at 8:40 PM, Kaushal Shriyan wrote:
>
>> On Fri, Feb 11, 2011 at 4:49 PM, frederic lubrano <frederic.lubr...@gmail.com> wrote:
>>
>>> tcpdump -i eth0 -n -s 0 -vv \(port 500 or port 4500 or proto 50\) and host xxx.xxx.xxx.xxx
>>> --
>>
>> Hi Frederic
>>
>> Not sure I understand the command *tcpdump -i eth0 -n -s 0 -vv \(port 500 or port 4500 or proto 50\) and host xxx.xxx.xxx.xxx*
>>
>> What does port 500 4500 and proto 50 mean and how about src host and destination host since you have mentioned about only one " host xxx.xxx.xxx.xxx"
>>
>> Please help me understand.
>>
>> Thanks
>>
>> Kaushal
>
> Hi Frederic
>
> I was eagerly waiting for your reply. Please help me understand.
>
> Thanks
>
> Kaushal

Hi,

Can someone please help me understand about the earlier post to this Mailing List.

Thanks

Kaushal

>>> On 11 February 2011 05:27, Kaushal Shriyan wrote:
>>>
>>>> On Thu, Feb 10, 2011 at 2:09 PM, Kaushal Shriyan wrote:
>>>>
>>>>> Hi
>>>>>
>>>>> When I run the command tcpdump -i eth0 -s0 host IP and host IP , I just see only incoming traffic and not outgoing traffic. I am using IPSec Application.
>>>>>
>>>>> Please suggest/guide and let me know if you need any further information.
>>>>>
>>>>> Thanks
>>>>>
>>>>> Kaushal
>>>>
>>>> Hi
>>>>
>>>> Can someone please guide/suggest me about my earlier post to this Mailing List.
>>>>
>>>> Thanks
>>>>
>>>> Kaushal
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
Re: [tcpdump-workers] When using IPSec, tcpdump doesn't show outgoing packets
Hello,

When you say you have no outbound traffic, it may be normal.
You want to capture flows Ipsec? If so, do you have packet that moved through the tunnel?

is:
tcpdump -i eth0 -n -s 0 -vv \(port 500 or port 4500 or proto 50\)
no specifying host and send a sample

Regards,
fred
--

On 13 February 2011 15:15, Kaushal Shriyan wrote:

> On Fri, Feb 11, 2011 at 8:40 PM, Kaushal Shriyan wrote:
>
>> On Fri, Feb 11, 2011 at 4:49 PM, frederic lubrano <frederic.lubr...@gmail.com> wrote:
>>
>>> tcpdump -i eth0 -n -s 0 -vv \(port 500 or port 4500 or proto 50\) and host xxx.xxx.xxx.xxx
>>> --
>>
>> Hi Frederic
>>
>> Not sure I understand the command *tcpdump -i eth0 -n -s 0 -vv \(port 500 or port 4500 or proto 50\) and host xxx.xxx.xxx.xxx*
>>
>> What does port 500 4500 and proto 50 mean and how about src host and destination host since you have mentioned about only one " host xxx.xxx.xxx.xxx"
>>
>> Please help me understand.
>>
>> Thanks
>>
>> Kaushal
>
> Hi Frederic
>
> I was eagerly waiting for your reply. Please help me understand.
>
> Thanks
>
> Kaushal
>
>>> On 11 February 2011 05:27, Kaushal Shriyan wrote:
>>>
>>>> On Thu, Feb 10, 2011 at 2:09 PM, Kaushal Shriyan wrote:
>>>>
>>>>> Hi
>>>>>
>>>>> When I run the command tcpdump -i eth0 -s0 host IP and host IP , I just see only incoming traffic and not outgoing traffic. I am using IPSec Application.
>>>>>
>>>>> Please suggest/guide and let me know if you need any further information.
>>>>>
>>>>> Thanks
>>>>>
>>>>> Kaushal
>>>>
>>>> Hi
>>>>
>>>> Can someone please guide/suggest me about my earlier post to this Mailing List.
>>>>
>>>> Thanks
>>>>
>>>> Kaushal
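Added example, not part of the original messages: the three clauses of the filter quoted in this thread correspond to IKE key exchange (UDP port 500), IPsec NAT traversal (UDP port 4500) and ESP (IP protocol 50), and "host X" matches X as either source or destination. The Python sketch below classifies raw IPv4 packets the same way; the function names, addresses and packet contents are constructed for illustration, and it only looks at UDP for the port clauses, whereas tcpdump's "port" also matches TCP.

```python
import socket
import struct

def classify(packet: bytes, peer: str) -> str:
    """Say which clause of the filter an IPv4 packet matches, and its direction."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not IPv4"
    ihl, proto = (packet[0] & 0x0F) * 4, packet[9]
    src, dst = socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20])
    if peer not in (src, dst):           # 'host X' matches source OR destination
        return "no match"
    way = "to peer" if dst == peer else "from peer"
    body = packet[ihl:]
    if proto == 50 and len(body) >= 8:   # 'proto 50': ESP carried directly in IP
        spi, seq = struct.unpack("!II", body[:8])
        return f"ESP spi=0x{spi:08x} seq={seq} {way}"
    if proto == 17 and len(body) >= 8:   # UDP, where IKE and NAT-T run
        sport, dport = struct.unpack("!HH", body[:4])
        data = body[8:]
        if 500 in (sport, dport):        # 'port 500': IKE key exchange
            return f"IKE {way}"
        if 4500 in (sport, dport):       # 'port 4500': NAT traversal
            if data == b"\xff":          # one-byte NAT keepalive
                return f"NAT-T keepalive {way}"
            if data[:4] == b"\x00" * 4:  # non-ESP marker precedes IKE on this port
                return f"IKE over NAT-T {way}"
            if len(data) >= 8:           # otherwise ESP encapsulated in UDP
                spi, seq = struct.unpack("!II", data[:8])
                return f"ESP-in-UDP spi=0x{spi:08x} seq={seq} {way}"
    return "no match"

def ipv4(src: str, dst: str, proto: int, body: bytes) -> bytes:
    """Build a constructed IPv4 packet (checksum left zero) for the samples."""
    head = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(body), 0, 0, 64, proto, 0)
    return head + socket.inet_aton(src) + socket.inet_aton(dst) + body

def udp(sport: int, dport: int, data: bytes) -> bytes:
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

LOCAL, PEER = "192.0.2.1", "198.51.100.7"  # constructed documentation addresses
SAMPLES = [
    ipv4(LOCAL, PEER, 17, udp(500, 500, b"\x11" * 28)),
    ipv4(PEER, LOCAL, 50, struct.pack("!II", 0xC0FFEE01, 7) + b"\x00" * 16),
    ipv4(LOCAL, PEER, 17, udp(4500, 4500, struct.pack("!II", 0xC0FFEE02, 3))),
    ipv4(LOCAL, PEER, 17, udp(4500, 4500, b"\x00" * 4 + b"\x11" * 28)),
]

for pkt in SAMPLES:
    print(classify(pkt, PEER))
```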
[tcpdump-workers] Problem with libpcap installation
Hi,

I have been trying to configure libpcap-1.0.0 and libpcap-1.1.1 in cygwin under WindowsXP but I am getting an error "checking for ANSI ioctl definitions... no" in both. :(
I have installed WinPcap4.1.

Error is as:

A186849@indic9qcvl ~/libpcap-1.0.0
$ ./configure
checking build system type... i686-pc-cygwin
checking host system type... i686-pc-cygwin
checking target system type... i686-pc-cygwin
checking for gcc... gcc
checking for C compiler default output file name... a.exe
checking whether the C compiler works... yes
checking whether we are cross compiling... no
checking for suffix of executables... .exe
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking gcc version... 4
checking for inline... inline
checking for __attribute__... yes
checking for u_int8_t using gcc... yes
checking for u_int16_t using gcc... yes
checking for u_int32_t using gcc... yes
checking for u_int64_t using gcc... yes
checking for special C compiler options needed for large files... no
checking for _FILE_OFFSET_BITS value needed for large files... no
checking for _LARGEFILE_SOURCE value needed for large files... no
checking how to run the C preprocessor... gcc -E
checking for grep that handles long lines and -e... /usr/bin/grep
checking for egrep... /usr/bin/grep -E
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking sys/ioccom.h usability... no
checking sys/ioccom.h presence... no
checking for sys/ioccom.h... no
checking sys/sockio.h usability... no
checking sys/sockio.h presence... no
checking for sys/sockio.h... no
checking limits.h usability... yes
checking limits.h presence... yes
checking for limits.h... yes
checking paths.h usability... yes
checking paths.h presence... yes
checking for paths.h... yes
checking for net/pfvar.h... no
checking for netinet/if_ether.h... no
configure: Rechecking with some additional includes
checking for netinet/if_ether.h... no
checking for ANSI ioctl definitions... no
configure: error: see the INSTALL for more info

A186849@indic9qcvl ~/libpcap-1.0.0
$

Due to this I am not able to install ettercap. (It shows "libpcap not found"). I have Googled a lot for this problem but found no solution working.

Kindly help me on this. I'll be greatly obliged!!

Thanks and Regards.
Prateek Trivedi
Pune - India
Re: [tcpdump-workers] Problem with libpcap installation
On Feb 16, 2011, at 7:28 AM, client server wrote:

> I have been trying to configure libpcap-1.0.0 and libpcap-1.1.1 in cygwin
> under WindowsXP but I am getting an error "checking for ANSI ioctl
> definitions... no" in both.:(

The libpcap configure script doesn't support building on Windows - nobody's contributed any patches to make it do so.
Re: [tcpdump-workers] request for a DLT value for wireshark DVB-CI
Hmm, no reply...

Is this the correct place to ask for a new DLT? Should I provide more/different information? Or are you simply all busy? ;-)

I'm about to finish the DVB-CI dissector for wireshark, the DLT is the last missing bit...

Thanks for a short feedback to get this started,

Martin

Thus wrote Martin Kaiser (li...@kaiser.cx):

> Dear all,
>
> I'm working on a wireshark dissector for DVB-CI (Common Interface). The
> dissector analyzes the communication between a PC-Card module and a DVB
> receiver. It's not based on any other data link layer protocol.
>
> I defined the pcap packet data for the new DLT on
>
> http://www.kaiser.cx/pcap-dvbci.html
>
> Basically, there'll be a pseudo-header around the bytes that are
> actually transferred, hardware events can also be logged.
>
> Please could you assign a DLT value for this new dissector?
>
> Thanks in advance for your support,
>
> Martin