Re: [tcpdump-workers] libpcap and ettercap on Solaris 9

2007-12-22 Thread capper
On Sat, 22 Dec 2007, Guy Harris wrote: What does the command "flex --version" print? flex 2.5.34 And what does the command sed -n 84l scanner.l print, when run in the libpcap source directory? %a 18400 - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubsc

Re: [tcpdump-workers] Request for DLT_ number assignment

2007-12-22 Thread Alexey Neyman
Guy, Thanks! Yes, I noted the DLT_IPMB value. However, our captures also contain message flags (as passed by the driver), and driver events - which DLT_IPMB format doesn't allow for. Best regards, Alexey. On 22 December 2007 Guy Harris wrote: > Alexey Neyman wrote: > > Okay, I am convinced. L

Re: [tcpdump-workers] libpcap and ettercap on Solaris 9

2007-12-22 Thread Guy Harris
[EMAIL PROTECTED] wrote: flex -Ppcap_ -t scanner.l > $$.scanner.c; mv $$.scanner.c scanner.c scanner.l:84: bad character: % scanner.l:84: unknown error processing section 1 scanner.l:84: unknown error processing section 1 scanner.l:84: bad character: 1 scanner.l:84: bad character: 8 scanner.l:84

Re: [tcpdump-workers] Request for DLT_ number assignment

2007-12-22 Thread Guy Harris
Alexey Neyman wrote: Okay, I am convinced. Let it be DLT_IPMB_LINUX then. OK, I've added it, with the value 209. (Note that there's also a DLT_IPMB, in which the packet begins with the I2C slave address, followed by the netFn and LUN, etc.; presumably yours is different.) - This is the tcp

Re: [tcpdump-workers] Request for DLT_ number assignment

2007-12-22 Thread Alexey Neyman
Guy, > Well, that would have the advantage that files are self-identifying. > If the file is only ever read once, that's just a question of whether > to indicate the file type when you do the capture or when you read > the file; however, if it's read more than once, with a link-layer > type that

Re: [tcpdump-workers] Request for DLT_ number assignment

2007-12-22 Thread Guy Harris
Alexey Neyman wrote: If you think that choosing the type of protocol in reading application is not enough - well, let's call it DLT_IPMB_LINUX; we'll add the ability to select the DLT_ value in the capture utility. Well, that would have the advantage that files are self-identifying. If the

Re: [tcpdump-workers] Request for DLT_ number assignment

2007-12-22 Thread Alexey Neyman
Guy, > So if it were to be used for other I2C-based buses, would the > expectation be that you'd have to configure the application reading > the file to indicate what protocol is being used? Yes, in the Wireshark changes that we'll submit it is possible to select the protocol being used on I2C b

Re: [tcpdump-workers] Request for DLT_ number assignment

2007-12-22 Thread Guy Harris
Alexey Neyman wrote: It can be used for any other I2C-based bus, though we only use it to capture IPMB traffic. The capture utility is agnostic of the traffic type - so traffic type is not present in the pseudo-header. So if it were to be used for other I2C-based buses, would the expectation

Re: [tcpdump-workers] Request for DLT_ number assignment

2007-12-22 Thread Alexey Neyman
Guy, > So would this be usable for any other I2C-based buses? If not, > perhaps the name should include IPMB. If so, does the pseudo-header > indicate what type of traffic it is? It can be used for any other I2C-based bus, though we only use it to capture IPMB traffic. The capture utility is a

Re: [tcpdump-workers] libpcap and ettercap on Solaris 9

2007-12-22 Thread capper
On Sat, 22 Dec 2007, Guy Harris wrote: That would be more than I need - and I also need the output of the build process; something *EXTREMELY* strange happened in the process of building libpcap, as scanner.o isn't defining any of the functions it's supposed to define. OK, I think you may

Re: [tcpdump-workers] libpcap and ettercap on Solaris 9

2007-12-22 Thread Guy Harris
[EMAIL PROTECTED] wrote: On Sat, 22 Dec 2007, Guy Harris wrote: And what was the output of the configure script, and the build process, for libpcap? You want the entirety of config.log? That would be more than I need - and I also need the output of the build process; something *EXTREMELY

Re: [tcpdump-workers] libpcap and ettercap on Solaris 9

2007-12-22 Thread capper
On Sat, 22 Dec 2007, Guy Harris wrote: What does nm -pA usr/lib/libpcap.a | egrep 'scanner\.o' print? /usr/lib/libpcap.a[scanner.o]: /usr/lib/libpcap.a[scanner.o]: 00 b /usr/lib/libpcap.a[scanner.o]: 00 s /usr/lib/libpcap.a[scanner.o]: 04 D pcap_leng /usr/lib/

Re: [tcpdump-workers] Request for DLT_ number assignment

2007-12-22 Thread Guy Harris
Alexey Neyman wrote: They bit values are not specific themselves (e.g. status bits include "Controller lost attachment to bus", "Controller had promiscuous mode set/cleared", etc) - most likely, these bits will be available on different OS, too. However, the definitions of these status bits m

Re: [tcpdump-workers] libpcap and ettercap on Solaris 9

2007-12-22 Thread Guy Harris
[EMAIL PROTECTED] wrote: Here's the table of contents: ... scanner.o What does nm -pA usr/lib/libpcap.a | egrep 'scanner\.o' print? And what was the output of the configure script, and the build process, for libpcap? - This is the tcpdump-workers list. Visit https:/

Re: [tcpdump-workers] libpcap and ettercap on Solaris 9

2007-12-22 Thread capper
On Sat, 22 Dec 2007, Guy Harris wrote: [EMAIL PROTECTED] wrote: /usr/lib/libpcap.a[gencode.o]: 00 U lex_cleanup /usr/lib/libpcap.a[gencode.o]: 00 U lex_init /usr/lib/libpcap.a[grammar.o]: 00 U pcap_lex What does ar t /usr/lib/libpcap.a Here's the table o

Re: [tcpdump-workers] libpcap and ettercap on Solaris 9

2007-12-22 Thread Guy Harris
[EMAIL PROTECTED] wrote: Here is the output from that command: /usr/lib/libpcap.a[gencode.o]: 00 U lex_cleanup /usr/lib/libpcap.a[gencode.o]: 00 U lex_init /usr/lib/libpcap.a[grammar.o]: 00 U pcap_lex What does ar t /usr/lib/libpcap.a print? - This is the