Re: [tcpdump-workers] Should the default snapshot length in tcpdump

2009-02-20 Thread Aaron Turner
On Fri, Feb 20, 2009 at 7:08 PM, Guy Harris wrote: > The "tcp" in "tcpdump" is a bit old - people use it for doing more than just > looking at TCP headers these days - and it sounds as if the problem Torsten > Krah had trying to decrypt ipsec traffic was due to the packets being cut > short by a sn

[tcpdump-workers] Should "-K" disable IP and UDP checksum verification, in addition to disabling TCP checksum verification?

2009-02-20 Thread Guy Harris
Is there any networking hardware out there that does TCP checksum generation for outgoing packets but doesn't do IP or UDP checksum generation? If not, "-K" might as well imply that IP and UDP checksums aren't valid for outgoing packets, either.

[tcpdump-workers] Should the default snapshot length in tcpdump be 65535?

2009-02-20 Thread Guy Harris
The "tcp" in "tcpdump" is a bit old - people use it for doing more than just looking at TCP headers these days - and it sounds as if the problem Torsten Krah had trying to decrypt ipsec traffic was due to the packets being cut short by a snapshot length. Would it make sense to have tcpdump d

Re: [tcpdump-workers] Problems with two threads capturing on different interfaces

2009-02-20 Thread Guy Harris
On Feb 20, 2009, at 1:46 AM, Johan Mazel wrote: > I'm trying to use libpcap to capture packets on two interfaces (eth0 and wlan0). Linux, I presume? > My problem is that packets are only captured in the wlan0 thread. What happens if you run one instance of tcpdump capturing on wlan0 and a

Re: [tcpdump-workers] question about -E parameter decrypting esp packets

2009-02-20 Thread Michael Richardson
> "Torsten" == Torsten Krah writes: Torsten> On Friday, 20 February 2009 02:35:04, Michael Torsten> Richardson wrote: >> First, are you capturing the entire packet? Torsten> Hm what do you mean with "entire" packet? How do I kn

Re: [tcpdump-workers] question about -E parameter decrypting esp packets

2009-02-20 Thread Torsten Krah
On Friday, 20 February 2009 10:38:45, Arien Vijn wrote: > To capture the whole frame > you need to run with: -s 0. thx for this hint - that was my mistake *sigh* - should have remembered this ... thx - it works now. Torsten -- Please do not send me Word or PowerPoint attachments. See

[tcpdump-workers] Problems with two threads capturing on different interfaces

2009-02-20 Thread Johan Mazel
Hi I'm trying to use libpcap to capture packets on two interfaces (eth0 and wlan0). My problem is that packets are only captured in the wlan0 thread. Both threads are launched but I don't understand why the only active thread is the one on wlan0. I try to not launch the thread on wlan0 to check we

Re: [tcpdump-workers] question about -E parameter decrypting esp packets

2009-02-20 Thread Arien Vijn
On 20 Feb. 2009, at 10:29 AM, Torsten Krah wrote: > On Friday, 20 February 2009 02:35:04, Michael Richardson wrote: >> First, are you capturing the entire packet? > Hm what do you mean with "entire" packet? How do I know this? The command I have used I told - have I have to do something more to

Re: [tcpdump-workers] question about -E parameter decrypting esp packets

2009-02-20 Thread Torsten Krah
On Friday, 20 February 2009 02:35:04, Michael Richardson wrote: > > First, are you capturing the entire packet? Hm what do you mean with "entire" packet? How do I know this? The command I have used I told - have I have to do something more to get the entire dump? > > Torsten> Command use