[tcpdump-workers] What's the point of "oui Unknown"?

2014-10-17 Thread John Hawkinson
I guess it's been a long time since I've run tcpdump -e.
On an 802.11 packet, I see:

15:47:26.928534 0us BSSID:58:f3:9c:e5:a2:cf (oui Unknown) DA:Broadcast
SA:58:f3:9c:e5:a2:cf (oui Unknown) Beacon (MIT N) [18.0 24.0* 36.0 48.0
54.0 Mbit] ESS[|802.11]

That is:

58:f3:9c:e5:a2:cf (oui Unknown)

is from etheraddr_string() because 58:f3:9c does not appear 
in the list of 14 ouis in oui.c:

/* FIXME complete OUI list using a script */

const struct tok oui_values[] = {
{ OUI_ENCAP_ETHER, "Ethernet" },
{ OUI_CISCO, "Cisco" },
{ OUI_NORTEL, "Nortel Networks SONMP" },
{ OUI_CISCO_90, "Cisco bridged" },
{ OUI_RFC2684, "Ethernet bridged" },
{ OUI_ATM_FORUM, "ATM Forum" },
{ OUI_CABLE_BPDU, "DOCSIS Spanning Tree" },
{ OUI_APPLETALK, "Appletalk" },
{ OUI_JUNIPER, "Juniper" },
{ OUI_HP, "Hewlett-Packard" },
{ OUI_IEEE_8021_PRIVATE, "IEEE 802.1 Private"},
{ OUI_IEEE_8023_PRIVATE, "IEEE 802.3 Private"},
{ OUI_TIA, "ANSI/TIA"},
{ OUI_DCBX, "DCBX"},
{ 0, NULL }

What's the thinking here?

Obviously there are thousands of OUIs, and most are not going to ever
be in tcpdump's list, and it seems like populating oui.c with 20,000
OUIs may not be the way to go.

The code to do this was added by Hannes Gredler in:

commit 64690e70e5559c14aade6b2bccb3c05f14718d4c
Author: hannes 
Date:   Sun Apr 10 07:17:00 2005 +

plumb in oui-name resolution

and is currently (addrtoname.c):

if (!nflag) {
snprintf(cp, BUFSIZE - (2 + 5*3), " (oui %s)",
tok2str(oui_values, "Unknown", oui));
} else


It seems to me that without more robust support this is just annoying
noise and, at the very least, the Unknown oui printing should be
removed.

Thoughts?

--jh...@mit.edu
  John Hawkinson
___
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers


[tcpdump-workers] TCPDUMP Help needed

2014-10-17 Thread Gaurav Kasliwal
Hi,

I am new to tcpdump. I just want to fetch http url from packets on given
interface.
Can you please tell me what command will be useful ?


--
Thanks & Regards,
Gaurav Kasliwal




[tcpdump-workers] File rotation every x seconds AND max file count

2014-10-17 Thread Cosmin T
Hello,

I wanted to create a pcap "buffer" of 2 hours based on 60 second slices. I 
hoped to achieve this by specifying -G 60 -W 120 (1 file every minute, 120 
minutes). But of course, after reaching the 120 file count, tcpdump exits.

Do you plan on implementing a way of doing the above?

Thank you,
Cosmin
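The rolling two-hour buffer asked for above can be built with tcpdump's own rotation if -W is left out: -G rotates the output file every 60 seconds indefinitely, and -z runs a postrotate command with the just-closed file as its single argument, so the pruning can be done there instead of relying on -W (which, combined with -G, stops tcpdump after the file limit). The script below is an added example written for this page, not something posted in the thread or shipped with tcpdump; the interface name, the /var/tmp/ring directory, the file name pattern and the KEEP value are assumptions.

```shell
#!/bin/sh
# Added example: keep a rolling window of the newest KEEP pcap slices while
# tcpdump keeps rotating. Intended invocation (assumed paths, not from the thread):
#
#   tcpdump -i eth0 -G 60 \
#       -w /var/tmp/ring/slice-%Y%m%d-%H%M%S.pcap \
#       -z /usr/local/bin/prune_ring.sh
#
# After each 60 s rotation tcpdump runs "prune_ring.sh <closed-file>"; we then
# delete everything but the KEEP newest slices in that file's directory.
# 120 slices x 60 s = the two-hour buffer.

KEEP=120

# prune_ring DIR KEEP
# Removes all but the KEEP newest *.pcap files in DIR and prints the number
# of files that remain. Ordering is by file name, which works because the
# strftime pattern above embeds a sortable timestamp in every name.
prune_ring() {
    dir=$1
    keep=$2

    ls -1 "$dir" | grep '\.pcap$' | sort -r | tail -n "+$((keep + 1))" |
    while IFS= read -r f; do
        rm -f -- "$dir/$f"
    done

    # grep -c exits 1 when nothing matches; still print the count (0).
    ls -1 "$dir" | grep -c '\.pcap$' || true
}

# When run by tcpdump's -z hook, $1 is the file that was just closed.
if [ -n "${1:-}" ]; then
    prune_ring "$(dirname -- "$1")" "$KEEP" >/dev/null
fi
```

The prune runs once per rotation, so the directory briefly holds KEEP+1 files between a rotation and the hook finishing; size the filesystem for that, and keep the hook fast because tcpdump forks it while still capturing.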


[tcpdump-workers] [PATCH] support the IEEE 802.1ah Mac in Mac

2014-10-17 Thread Liuyongqiang(A)
From: liuyongqiang 

Signed-off-by: liuyongqiang 
---
 Makefile.in   |  2 ++
 ethertype.h   |  3 +++
 pbb.h | 44 
 print-chdlc.c |  3 +++
 print-ether.c | 11 -
 print-gre.c   |  3 +++
 print-pbb.c   | 72 +++
 7 files changed, 137 insertions(+), 1 deletion(-)
 create mode 100644 pbb.h
 create mode 100644 print-pbb.c

diff --git a/Makefile.in b/Makefile.in
index 5879b93..fc61e7c 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -209,6 +209,7 @@ LIBNETDISSECT_SRC=\
print-wb.c \
print-zephyr.c \
print-zeromq.c \
+   print-pbb.c \
signature.c \
util.c
 
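Review bot: print-pbb.c is appended after print-zeromq.c, at the tail of a LIBNETDISSECT_SRC list that is otherwise kept in alphabetical order; move the entry to its sorted position among the other print-p*.c files so the list stays easy to scan and to merge.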
@@ -269,6 +270,7 @@ HDR = \
smb.h \
tcp.h \
tcpdump-stdinc.h \
+   pbb.h \
udp.h
 
 TAGHDR = \
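Review bot: pbb.h is inserted between tcpdump-stdinc.h and udp.h in HDR, which breaks the sorted order of that list (smb.h, tcp.h, tcpdump-stdinc.h, udp.h); place it with the other p*.h headers instead.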
diff --git a/ethertype.h b/ethertype.h
index 8039917..b10847e 100644
--- a/ethertype.h
+++ b/ethertype.h
@@ -136,6 +136,9 @@
 #ifndefETHERTYPE_MPLS
 #defineETHERTYPE_MPLS  0x8847
 #endif
+#ifndef ETHERTYPE_PBB
+#define ETHERTYPE_PBB  0x88e7
+#endif
 #ifndefETHERTYPE_MPLS_MULTI
 #defineETHERTYPE_MPLS_MULTI0x8848
 #endif
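Review bot: the new ETHERTYPE_PBB block is wedged between ETHERTYPE_MPLS and ETHERTYPE_MPLS_MULTI, separating two related definitions; put it after the MPLS pair. The value itself, 0x88e7, is the IEEE 802.1ah I-TAG ethertype and is correct.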
diff --git a/pbb.h b/pbb.h
new file mode 100644
index 000..9db7db6
--- /dev/null
+++ b/pbb.h
@@ -0,0 +1,44 @@
+/*
+ * Copyright (C) 2001 WIDE Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *notice, this list of conditions and the following disclaimer in the
+ *documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the project nor the names of its contributors
+ *may be used to endorse or promote products derived from this software
+ *without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#define PBB_ISID_MASK   0x00ff
+#define PBB_ISID_SHIFT  0
+#define PBB_RES_MASK   0x700
+#define PBB_RES_SHIFT  24
+#define PBB_UCA_MASK0x800
+#define PBB_UCA_SHIFT27
+#define PBB_DEL_MASK 0x1000
+#define PBB_DEL_SHIFT 28
+#define PBB_PCP_MASK 0xe000
+#define PBB_PCP_SHIFT29
+
+#define PBB_ISID(x)(((x) & PBB_ISID_MASK) >> PBB_ISID_SHIFT)
+#define PBB_RES(x) (((x) & PBB_RES_MASK) >> PBB_RES_SHIFT)
+#define PBB_UCA(x) (((x) & PBB_UCA_MASK) >> PBB_UCA_SHIFT)
+#define PBB_DEL(x) (((x) & PBB_DEL_MASK) >> PBB_DEL_SHIFT)
+#define PBB_PCP(x)   (((x)& PBB_PCP_MASK) >> PBB_PCP_SHIFT)
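Review bot: the masks and shifts do not agree as written in this hunk: PBB_RES_MASK 0x700 with PBB_RES_SHIFT 24, PBB_UCA_MASK 0x800 with shift 27, PBB_DEL_MASK 0x1000 with shift 28 and PBB_PCP_MASK 0xe000 with shift 29 all select bits below the shift, so PBB_RES(), PBB_UCA(), PBB_DEL() and PBB_PCP() evaluate to zero for every 32-bit I-TAG, and PBB_ISID_MASK 0x00ff keeps only 8 of the 24 I-SID bits. The shifts match the 802.1ah I-TAG layout (I-SID in bits 0-23, reserved bits 24-26, UCA at bit 27, I-DEI at bit 28, I-PCP in bits 29-31), so the masks should be 0x00ffffff, 0x07000000, 0x08000000, 0x10000000 and 0xe0000000 respectively. Two smaller points: the 802.1ah field is the drop eligible indicator, so PBB_DEL should be PBB_DEI; and a newly written file should carry its real author and year rather than the copied "Copyright (C) 2001 WIDE Project" header.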
diff --git a/print-chdlc.c b/print-chdlc.c
index 8230c87..c32f8f5 100644
--- a/print-chdlc.c
+++ b/print-chdlc.c
@@ -90,6 +90,9 @@ chdlc_print(netdissect_options *ndo, register const u_char 
*p, u_int length) {
 case ETHERTYPE_MPLS_MULTI:
 mpls_print(ndo, p, length);
break;
+case ETHERTYPE_PBB:
+pbb_print(ndo, p, length);
+break;
 case ETHERTYPE_ISO:
 /* is the fudge byte set ? lets verify by spotting ISO headers 
*/
 if (*(p+1) == 0x81 ||
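Review bot: pbb_print() is called from chdlc_print() but nothing in this patch adds a prototype for it; unless it is declared next to the other *_print functions in the shared header (netdissect.h/interface.h), this relies on an implicit declaration and will not build with -Werror. Please add the prototype in the same patch.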
diff --git a/print-ether.c b/print-ether.c
index 49e7803..4f17c13 100644
--- a/print-ether.c
+++ b/print-ether.c
@@ -83,6 +83,7 @@ const struct tok ethertype_values[] = {
 { ETHERTYPE_GEONET, "GeoNet"},
 { ETHERTYPE_CALM_FAST,  "CALM FAST"},
 { ETHERTYPE_AOE,"AoE" },
+{ ETHERTYPE_PBB,   "802.1ah-Mac-in-Mac" },
 { 0, NULL}
 };
 
@@ -95,7 +96,7 @@ ether_hdr_print(netdissect_options *ndo,
 
ep = (const struct ether_header *)bp;
 
-   ND_PRINT((ndo, "%s > %s",
+   ND_PRINT((ndo, " %s > %s",
 etheraddr_string(ndo, ESRC(ep)),
 etheraddr_string(ndo, EDST(ep;
 
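Review bot: changing the format in ether_hdr_print() from "%s > %s" to " %s > %s" adds a leading space to every Ethernet header tcpdump prints, not only to the inner header of a Mac-in-Mac frame, which changes existing output and will break the expected-output files under tests/. If a separator is needed before the encapsulated header, print it from pbb_print() before it calls ether_hdr_print() and leave the shared format string untouched.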
@@ -232,6 +233,10 @@ recurse:
 
if (!ndo->ndo_suppress_default_print)
ND_DEFAULTPRINT(p, caplen);
+   } else {
+   if (ether_typ