Re: [tcpdump-workers] Fw: [Winpcap-users] Using filters with IP encapsulation (RFC 2003)

2007-11-28 Thread Gianluca Varenni
Yeah, but you cannot write a filter like "tcp port 80". You need to hardcode the offsets in the packet payload. Have a nice day GV - Original Message - From: "Luis EG Ontanon" <[EMAIL PROTECTED]> To: Sent: Wednesday, November 28, 2007 12:52 PM Subject: Re: [tcpdump-workers] Fw: [Win

Re: [tcpdump-workers] Fw: [Winpcap-users] Using filters with IP encapsulation (RFC 2003)

2007-11-28 Thread Luis EG Ontanon
No, you can look at the offset at which the IP addresses of the encapsulated IP packet are in the frame and compare it to the encapsulated address as an octet string. Luis On Nov 28, 2007 6:38 PM, Gianluca Varenni <[EMAIL PROTECTED]> wrote: > I think the answer to this question is "no". Right? > >

Re: [tcpdump-workers] New DLT_ value request

2007-11-28 Thread Guy Harris
Will Barker wrote: Please may I request some additional libpcap DLT_ values? I need these to map onto the following wiretap values: 1. WTAP_ENCAP_PPP_WITH_PHDR 2. WTAP_ENCAP_CHDLC_WITH_PHDR 3. WTAP_ENCAP_FRELAY_WITH_PHDR 4. WTAP_ENCAP_LAPB What is the format of the extra in

Re: [tcpdump-workers] capturing only wrong checksum packets

2007-11-28 Thread Rick Jones
Guy Harris wrote: Mohan Lal Jangir wrote: How can I capture "only wrong checksum packets" using tcpdump (specially wrong udp checksum)? Unfortunately, there's no way to do so with an unmodified tcpdump. And even if there were, if you happened to be taking the trace on a system with CKO (C

[tcpdump-workers] Fw: [Winpcap-users] Using filters with IP encapsulation (RFC 2003)

2007-11-28 Thread Gianluca Varenni
I think the answer to this question is "no". Right? Have a nice day GV - Original Message - From: Sassone, Ed To: [EMAIL PROTECTED] Sent: Tuesday, November 27, 2007 1:36 PM Subject: [Winpcap-users] Using filters with IP encapsulation (RFC 2003) Hello. Is there a way to use filter

[tcpdump-workers] New DLT_ value request

2007-11-28 Thread Will Barker
Please may I request some additional libpcap DLT_ values? I need these to map onto the following wiretap values: 1. WTAP_ENCAP_PPP_WITH_PHDR 2. WTAP_ENCAP_CHDLC_WITH_PHDR 3. WTAP_ENCAP_FRELAY_WITH_PHDR 4. WTAP_ENCAP_LAPB In addition is it acceptable to have one further v

[tcpdump-workers] Fwd: Regarding Pcapdump

2007-11-28 Thread v rakesh
Dear All, I have been working on ns-2.26 for my experimental studies. I have been generating ns2 trace file to evaluate my experiments. As now I have seen ethereal which proved to be very good for my experiments I have decided to dump in pcap format. But as I open the same file in ethereal, i

Re: [tcpdump-workers] capturing only wrong checksum packets

2007-11-28 Thread Guy Harris
Mohan Lal Jangir wrote: How can I capture "only wrong checksum packets" using tcpdump (specially wrong udp checksum)? Unfortunately, there's no way to do so with an unmodified tcpdump. - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.