On Tue, 2010-11-09 at 17:46 -0800, Guy Harris wrote:
> I.e., the problem isn't with the "-" prior to "libpcap", it's with the
> "." between "tcpdump" and "org", so that they think that the vendor is
> "tcpdump" and the final component of the type is "org-libpcap"?
Yep, that's the issue. Programme
On Nov 9, 2010, at 5:00 PM, Glen Turner wrote:
> 9. Applications which use this media type
> See RFC 4288, section 4.5
> [
> Libpcap, a C library to capture network packets for POSIX-like systems.
>
> Net::Pcap, Jpcap, python-libpcap, Ruby/Pcap are respectively Perl, Java,
> Python and Ruby bind
On Nov 9, 2010, at 5:00 PM, Glen Turner wrote:
> The largest change is that I have altered the proposed MIME type based
> on the advice received. The proposed type is now vnd.tcpdump.pcap. I am
> told the syntax of the previous "vnd.tcpdump.org-libpcap" was
> problematic, as some applications pa
Thanks everyone for comments, including offlist from my coworkers at
AARNet and the media people at CSIRO.
The largest change is that I have altered the proposed MIME type based
on the advice received. The proposed type is now vnd.tcpdump.pcap. I am
told the syntax of the previous "vnd.tcpdump.or
I notice libnl has incremented to 2.0 a few weeks ago and the API is
reportedly different.
http://www.infradead.org/~tgr/libnl/
Has anyone verfied that libnl 2.0 works with libpcap 1.1.1? I'll
probably try both now, but its worth having the answer in the
archives.
Thanks,
Mark.
-
This is the tcp
There are two simple cases to rule out:
1. The capture was taken using a Napatech or Endace card, which uses its own
clock which may or may not be in sync with the host clock.
2. There's an unexpected local timezone on the machine used to read and
display the packet capture. Is your client
Hi Gary,
Thank you for your clear reply, as always.
>
> WinDump, the Windows port of tcpdump, uses WinPcap, the Windows port of
> libpcap. The time stamps come from the WinPcap driver, which might,
> depending on how it's configured, read the system clock for each packet, or
> might read it w
On Nov 9, 2010, at 1:15 AM, Andrej van der Zee wrote:
> Today I received a tcpdump file from a client with timestamps that did
> not correspond to the system clock. If I remember correctly, tcpdump
> does not store complete timestamps but only a delta compared to the
> first timestamp.
No. Each
Hi,
Today I received a tcpdump file from a client with timestamps that did
not correspond to the system clock. If I remember correctly, tcpdump
does not store complete timestamps but only a delta compared to the
first timestamp. I guess tcpdump does not read the system clock every
time, but has it
