[tcpdump-workers] tcpdump 4.2.0rc1 build fix

2011-08-14 Thread Romain Francoise
Hi,

The 4.2.0rc1 beta tarball of tcpdump is missing the ppi.h file, so
print-ppi.c doesn't build.

The following will fix it for the next release:

diff --git a/Makefile.in b/Makefile.in
index 265b47e..04a58dc 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -168,6 +168,7 @@ HDR = \
oui.h \
pcap-missing.h \
pmap_prot.h \
+   ppi.h \
ppp.h \
route6d.h \
rpc_auth.h \
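Review bot: the new "ppi.h \" entry in the HDR list covers this one header, but nothing in the hunk would catch the next header that is left out of the list the same way. Building from the generated tarball before each release candidate would surface that kind of omission. The entry sits in the right alphabetical slot between pmap_prot.h and ppp.h. Also confirm its leading whitespace matches the neighbouring continuation lines, since the added line shows three spaces and the context lines show none here.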

Thanks,
-- 
Romain Francoise 
http://people.debian.org/~rfrancoise/

-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.


[tcpdump-workers] Running TCPDUMP over a web interface

2011-08-14 Thread Tek Bahadur Limbu
Hi all,

I am not sure if this is the right list to post the following question.

I need to run TCPDUMP on a Linux bridge with multiple network interfaces.
However, instead of using a shell, I need to run it over a web interface.

Any guide or suggestion will be highly appreciated.


Thanking you...
Best regards,
Tek Bahadur Limbu


[tcpdump-workers] "not upd" doesn't work in compound filter

2011-08-14 Thread George Liang

Hi there,

With the tcpdump command below (in Ubuntu), I want to get multicast traffic, non
udp, ..., but the filter "! udp" doesn't work. It gives output of UDP packets.

sudo tcpdump -r tw 'ether[0] & 0xFF == 1' && ! udp && host 192.168.1.1 && greater 300

The single filter of "! udp"  works though.

tcpdump version 4.0.0
libpcap version 1.0.0


Thanks & Regards,

George


Re: [tcpdump-workers] "not upd" doesn't work in compound filter

2011-08-14 Thread Guy Harris

On Aug 14, 2011, at 11:15 AM, George Liang wrote:

> With the tcpdump command below (in Ubuntu), I want to get multicast traffic, non
> udp, ..., but the filter "! udp" doesn't work. It gives output of UDP packets.
>
> sudo tcpdump -r tw 'ether[0] & 0xFF == 1' && ! udp && host 192.168.1.1 && greater 300

If that's the command you typed, note that not only does "&" mean something 
special to the shell, so does "&&".  That means you need to quote more than 
just "ether[0] & 0xFF == 1", so try quoting the entire expression:

sudo tcpdump -r tw 'ether[0] & 0xFF == 1 && ! udp && host 192.168.1.1 && greater 300'

or maybe just

sudo tcpdump -r tw 'ether multicast && ! udp && host 192.168.1.1 && greater 300'

or try using "and" rather than "&&":

sudo tcpdump -r tw 'ether[0] & 0xFF == 1' and ! udp and host 192.168.1.1 and greater 300

Also, if you're reading from a capture file, rather than capturing live 
traffic, "sudo" isn't necessary.
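
Added example (not part of the reply above and not tcpdump code): a shell sketch of why the original command printed UDP packets, showing what the shell hands to tcpdump for each spelling of the filter. fake_tcpdump, udp, host and greater are stand-in functions assumed here so the script runs without a capture file or a real tcpdump.

```shell
#!/bin/sh
# Added demo: which filter text reaches tcpdump, and which words the shell
# runs as commands of its own. All four functions below are stand-ins.
RAN=""; FILTER=""

fake_tcpdump() {            # records the filter tcpdump would compile
    shift 2                 # drop "-r tw"
    FILTER="$*"             # tcpdump joins the remaining args with spaces
}
# Words that follow an unquoted && are run by the shell as separate commands.
udp()     { RAN="$RAN udp"; return 127; }   # mimics "command not found"
host()    { RAN="$RAN host"; }
greater() { RAN="$RAN greater"; }

report() { printf 'filter=[%s] shell_ran=[%s]\n' "$FILTER" "${RAN# }"; }

original_command() {        # only the first test is quoted
    RAN=""; FILTER=""
    fake_tcpdump -r tw 'ether[0] & 0xFF == 1' && ! udp && host 192.168.1.1 && greater 300
    report
}

fully_quoted() {            # whole expression inside one pair of quotes
    RAN=""; FILTER=""
    fake_tcpdump -r tw 'ether[0] & 0xFF == 1 && ! udp && host 192.168.1.1 && greater 300'
    report
}

and_keyword() {             # "and" and a mid-line "!" are ordinary words to the shell
    RAN=""; FILTER=""
    fake_tcpdump -r tw 'ether[0] & 0xFF == 1' and ! udp and host 192.168.1.1 and greater 300
    report
}

original_command
fully_quoted
and_keyword
```

In the first case the filter tcpdump sees is only the multicast test, so UDP packets pass it; the rest of the line becomes three separate shell commands.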


Re: [tcpdump-workers] tcpdump 4.2.0rc1 build fix

2011-08-14 Thread Guy Harris

On Aug 14, 2011, at 2:19 AM, Romain Francoise wrote:

> The 4.2.0rc1 beta tarball of tcpdump is missing the ppi.h file, so
> print-ppi.c doesn't build.

Checked into the trunk and 4.2 branches, along with a bunch of other fixes for 
builds on other platforms, and a build fix for libpcap (trunk and 1.2 branches) 
on older Linuxes.