Re: [tcpdump-workers] core dump with PPP messages 1 byte long.

2004-07-06 Thread Darren Reed
I believe the sessions I am seeing start out with a conversation like this: IP 1.1.1.1.1701 > 2.2.2.2.1701: l2tp:[TLS](24460/0)Ns=23236,Nr=646 *MSGTYPE(HELLO) IP 2.2.2.2.1701 > 1.1.1.1.1701: l2tp:[TLS](4/0)Ns=646,Nr=23237 ZLB IP 1.1.1.1.1701 > 2.2.2.2.1701: l2tp:[TLS](24460/0)Ns=23237,Nr=646 *M

Re: [tcpdump-workers] capturing packets in many concurrent processes

2004-07-06 Thread Bruce M Simpson
On Tue, Jul 06, 2004 at 06:11:06PM -0700, Anthony D. Minkoff wrote: > I'm implementing several programs that use libpcap to monitor and > analyze network traffic. I understand that each of these programs uses > a BPF device, so that the number of such processes I can have running > on a system

[tcpdump-workers] capturing packets in many concurrent processes

2004-07-06 Thread Anthony D. Minkoff
TCPDUMP newbie here. Newbie to a number of things, actually. I'm implementing several programs that use libpcap to monitor and analyze network traffic. I understand that each of these programs uses a BPF device, so that the number of such processes I can have running on a system concurrently i

Re: [tcpdump-workers] stopping the packets from getting to kernel

2004-07-06 Thread Mustafa Abu Sedera
Thanks to all who replied to my question... your opinions were very useful.. Regards, Mustaffa Abu Sedira From: "Fook Ming EE" <[EMAIL PROTECTED]> To: "'Alberto Ornaghi'" <[EMAIL PROTECTED]>,"'Mustafa Abu Sedera'" <[EMAIL PROTECTED]> CC: <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]> Subject: R

Re: [tcpdump-workers] core dump with PPP messages 1 byte long.

2004-07-06 Thread Guy Harris
On Jul 5, 2004, at 4:51 AM, Darren Reed wrote: If ppp_hdlc() is called with length < 2, bad things happen. Should it be called *at all* from "handle_ppp()"? Or, if this is really just HDLC-over-L2TP, in which case it should be called directly from t http://www.ietf.org/internet-drafts/dra

Re: [tcpdump-workers] patch for print-ppp.c

2004-07-06 Thread Guy Harris
On Jul 5, 2004, at 3:13 AM, Darren Reed wrote: Looks better if it's "compressed PPP data" :) Checked in, with "compressed PPP data" - and with another change to use "ppptype2str[]" in the default case. - This is the tcpdump-workers list. Visit https://lists.sandelman.ca/ to unsubscribe.

Re: [tcpdump-workers] Filter by DNS query

2004-07-06 Thread Guy Harris
On Jul 2, 2004, at 8:29 PM, J.R. Lillard wrote: Is it possible to filter packets by the DNS query? For example, how could I dump all packets trying to resolve google.com? The filtering engine in libpcap isn't powerful enough to do that easily, if at all (it's intended to be simple enough to be

Re: [tcpdump-workers] stopping the packets from getting to kernel

2004-07-06 Thread Aaron Turner
The simplest way is to spoof the source IP of your packets with that of another IP on the same subnet which is not in use. That way you can still send and receive packets, but the kernel won't be a problem. -Aaron On Sun, Jul 04, 2004 at 11:10:02PM +, Mustafa Abu Sedera wrote: > Hi all, > I

[tcpdump-workers] Automatic report from sources (tcpdump libpcap htdocs) between 05.07.2004 - 06.07.2004 GMT

2004-07-06 Thread Automatic cvs log generator /tcpdump/bin/makelog
CVS log entries from 05.07.2004 (Mon) 09:05:14 - 06.07.2004 (Tue) 09:05:14 GMT = Summary by authors = Author: hannes File: tcpdump/print-ppp.c; Revisions: 1.97 ==