Re: [tcpdump-workers] Link-Layer Header Type request for Linux Kernel Messages

2013-05-15 Thread Michal.Labedzki
Hi,

I guess the area I am working in blurs the boundaries of existing tools. So what 
about feature? (maybe it is time to extend the tool boundary a little)
Linux Kernel Messages and Android Logs are similar to "syslog", ok, but think 
about the wider perspective.

The questions are:
1. What can be supported by libpcap, and what cannot be. (~ we need one tool or 
two/infinite number of tools)
2. kmsg/syslog seems to be a helper for analysing other payloads, so why can it 
not be kept together? (for example: kernel closes data socket, we know that from 
kernel logs and see that in protocol payloads)
3. Should I think about a new tool? (On the other hand - my ideas should not 
completely break your tool or primary intention and should not disturb anyone)
4. kmsg seems to be a regular interface, we can treat a log as a packet (or a 
packet as a log!), compute received, dropped, etc.

PS. If all logs are in pcap (kernel, application logs [syslog/logcat], network 
payloads (Internet, Bluetooth, NFC, DBus, etc...)), then the user can simply 
send it to the developer, and we do not need syslog anymore.

Pozdrawiam / Best regards
-
Michał Łabędzki, Software Engineer
Tieto Corporation
Product Engineering Services
http://www.tieto.com / http://www.tieto.pl
---
ASCII: Michal Labedzki
e-mail: michal.labed...@tieto.com
location: Swobodna 1 Street, 50-088 Wrocław, Poland
room: 5.01 (desk next to 5.08)
---
Please note: The information contained in this message may be legally 
privileged and confidential and protected from disclosure. If the reader of 
this message is not the intended recipient, you are hereby notified that any 
unauthorised use, distribution or copying of this communication is strictly 
prohibited. If you have received this communication in error, please notify us 
immediately by replying to the message and deleting it from your computer. 
Thank You.
---
Please consider the environment before printing this e-mail.
---
Tieto Poland, a limited liability company with its registered office in Szczecin, 
ul. Malczewskiego 26. Registered at the District Court Szczecin-Centrum in 
Szczecin, 13th Commercial Division of the National Court Register, under number 
124858. NIP: 8542085557. REGON: 812023656. Share capital: 4 271500 PLN

From: m...@sandelman.ca [m...@sandelman.ca]
Sent: 14 May 2013 16:39
To: Labedzki Michal
Cc: tcpdump-workers@lists.tcpdump.org
Subject: Re: [tcpdump-workers] Link-Layer Header Type request for Linux Kernel 
Messages

> "Michal" == Michal Labedzki  writes:
Michal> Are there any comments on that? (since month)

I agree... I don't understand why putting these things into a pcap layer
helps anyone.

Have you looked at:
 http://datatracker.ietf.org/wg/syslog/charter/

and
http://datatracker.ietf.org/doc/rfc5848/

might provide a more standard, more portable container?

--
]   Never tell me the odds! | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works| network architect  [
] m...@sandelman.ca  http://www.sandelman.ca/|   ruby on rails[

___
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers


[tcpdump-workers] website not updated

2013-05-15 Thread Wesley Shields
If tcpdump 4.4.0 and libpcap 1.4.0 are done should the webpage be
updated or are they in some kind of beta form? I'll happily fix it on
github if that's the right place to do it.

-- WXS


[tcpdump-workers] radiotap header retry

2013-05-15 Thread ilaria cianci
Hi all,

I have a question about the radiotap header 802.11.

Is there a filter in tcpdump corresponding to wlan.fc.retry==1 in Wireshark?

Thanks a lot

Ilaria


Re: [tcpdump-workers] Link-Layer Header Type request for Linux Kernel Messages

2013-05-15 Thread Michal.Labedzki
Hi,

Ok. Let's start thinking only about: LINKTYPE_DEV_KMSG_LINUX & 
DLT_DEV_KMSG_LINUX; the others can be ignored because /dev/kmsg is the only one 
which can be used easily and powerfully. Implementation on two sides is ready 
(libpcap and Wireshark).


Pozdrawiam / Best regards
-
Michał Łabędzki, Software Engineer
Tieto Corporation
Product Engineering Services
http://www.tieto.com / http://www.tieto.pl



Re: [tcpdump-workers] website not updated

2013-05-15 Thread Michael Richardson

> "Wesley" == Wesley Shields  writes:
Wesley> If tcpdump 4.4.0 and libpcap 1.4.0 are done should the webpage be
Wesley> updated or are they in some kind of beta form? I'll happily fix it on
Wesley> github if that's the right place to do it.

They are done, the web page isn't updated yet, since the distro tar
files are not yet properly signed.  I will fix that today.

If you want to edit the HTML files, please go ahead.

-- 
]   Never tell me the odds! | ipv6 mesh networks [ 
]   Michael Richardson, Sandelman Software Works| network architect  [ 
] m...@sandelman.ca  http://www.sandelman.ca/|   ruby on rails[ 
