Re: [tcpdump-workers] PCAP: Distinguishing packets based on different senders ?

2006-03-21 Thread Guy Harris
On Mar 21, 2006, at 2:21 PM, J S wrote: But is it possible to collect info for all the required packets and then distinguish them based on their sender/reciever inside my pcap program (in one process)? Yes. Does pcap header contains information about sender/reciever or is it possible to

Re: [tcpdump-workers] PCAP: Distinguishing packets based on different senders ?

2006-03-21 Thread Aaron Turner
No, the pcap header won't have that. However, the packet data itself (which libpcap will give you) will have that (MAC address, IP address, etc) which will tell you the sender/reciever's address. It all depends on how you want to differentiate hosts (MAC address may not be unique if you have host

[tcpdump-workers] PCAP: Distinguishing packets based on different senders ?

2006-03-21 Thread J S
Hello- I am using pcap library to capture packets from multiple hosts. I am wondering if it is possible to distinguish the captured packets based on their sender/reciever etc. Obviously I can use a seperate process for each sender/reciever and have them use different filters based on src or dst. B

[tcpdump-workers] Patch to update the DNS RR typecode list for display

2006-03-21 Thread Griffin, Wesley
I've attached patches to nameser.h and print-domain.c to update the list of DNS RR typecodes to be inline with . With this patch tcpdump now prints DNSKEY instead of Type48. I haven't done any real extensive testing of this, but I'm only updating

Re: [tcpdump-workers] Patch to update the DNS RR typecode list for display

2006-03-21 Thread Griffin, Wesley
Doh! I should have expected that attachments would get stripped. I should also mention that I attempted to submit this via the SF.net site, but they seem to be having problems with the site. Index: nameser.h === RCS file: /tcpdump/mas