Re: [tcpdump-workers] large packets parsing using TcpDump

2010-12-01 Thread Mali Shternhell
Hi, Thanks for the response. My question is why tcpdump doesn't parse the large SNMP response packet as it does for the typical response packet. You can see below the difference between tcpdump output in case of typical response packet: 14:55:32.144583 IP 172.30.9.40.snmp > 172.30.9.16.47686: GetRe

Re: [tcpdump-workers] Git with problems?

2010-12-01 Thread Guy Harris
On Dec 1, 2010, at 10:19 AM, Flavio Truzzi wrote: > Hi, I have an application that filters packets, using an old version it works > fine, when using the git version > > The main problem is that when I apply filters with "dst" it works fine, but > with "src" nothing. Does the same thing happen

[tcpdump-workers] Git with problems?

2010-12-01 Thread Flavio Truzzi
Hi, I have an application that filters packets, using an old version it works fine, when using the git version The main problem is that when I apply filters with "dst" it works fine, but with "src" nothing. -- Flavio Sales Truzzi Engenharia Elétrica habilitação Computação e Sistemas Digitais

Re: [tcpdump-workers] Problem with usb support

2010-12-01 Thread Guy Harris
On Nov 30, 2010, at 10:28 PM, Michael Szalay wrote: > Thanks, now I have another error: > > ./runlex.sh flex -Ppcap_ -oscanner.c scanner.l > bison -y -p pcap_ -d grammar.y > NONE:0: /usr/bin/m4: ERROR: EOF in string > bison: subsidiary program `/usr/bin/m4' failed (exit status 1) > make: *** [gr

Re: [tcpdump-workers] large packets parsing using TcpDump

2010-12-01 Thread Guy Harris
On Nov 30, 2010, at 10:35 PM, Mali Shternhell wrote: > Hi, Thanks for the response. > My question is why tcpdump doesn't parse the large SNMP response packet > as it does for the typical response packet. Because the SNMP printer routine that parses an ASN.1 BER item will quit if the length of t

Re: [tcpdump-workers] what is the best value for PCAP_FRAMES?

2010-12-01 Thread Guy Harris
On Dec 1, 2010, at 1:19 AM, Jon Zhou wrote: > The bigger PCAP_FRAMES or a smaller value will get a better performance? > > I.e. > > PCAP_FRAMES=max tcpdump -I eth0 -w /dev/null > > Or > > PCAP_FRAMES=4096 tcpdump . As distributed by tcpdump.org, neither libpcap nor tcpdump pay any attent

Re: [tcpdump-workers] Tcpdump Expression to get the rst packets for ipv6

2010-12-01 Thread Sake Blok
On 30 nov 2010, at 08:46, Abhilash Shastry wrote: > I am looking out for the expression to get the reset packets for ipv6 > through tcpdump. > > At present we are using the below expression for ipv4. > > [/usr/sbin/tcpdump -i eth1 -s 1600 'tcp[13] & 4 != 0] > > As mentioned in tcpdump.org site

[tcpdump-workers] what is the best value for PCAP_FRAMES?

2010-12-01 Thread Jon Zhou
Hi there: The bigger PCAP_FRAMES or a smaller value will get a better performance? I.e. PCAP_FRAMES=max tcpdump -I eth0 -w /dev/null Or PCAP_FRAMES=4096 tcpdump . Thanks jon - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.