Re: [tcpdump-workers] A possible bug in libpcap segfault + malloc +

2011-03-22 Thread Guy Harris
On Mar 22, 2011, at 10:28 PM, harish badrinath wrote:
> From Line 43 in attachment2,
> pkmain (buffer=0x8053ca0 "Ports=80,25,11 Protcols=ALL,TCP Deny
> Ports=22,88 Deny Protocols=ICMP,UDP GAR BAG . .."), this is right
> before things fail.
So where's the code that reads the file and builds the C

Re: [tcpdump-workers] A possible bug in libpcap segfault + malloc +

2011-03-22 Thread harish badrinath
On Wed, Mar 23, 2011 at 2:06 AM, Guy Harris wrote:
>
> On Mar 22, 2011, at 12:28 AM, harish badrinath wrote:
>
>> Each filter component is listed in a single line and the program would
>> read the entire file and compress all the arguments to one single
>> filter to be passed on to pcap_compile.

[tcpdump-workers] [PATCH 2/2] Debug: pcap-linux.c: fprintf() values related to req.tp_frame_size.

2011-03-22 Thread julm+tcpdump
From: Julien Moutinho --- pcap-linux.c | 33 +++-- 1 files changed, 31 insertions(+), 2 deletions(-) diff --git a/pcap-linux.c b/pcap-linux.c index 1542fad..c896584 100644 --- a/pcap-linux.c +++ b/pcap-linux.c @@ -1429,6 +1429,7 @@ pcap_read_packet(pcap_t *handle,

[tcpdump-workers] [PATCH 1/2] Fix: pcap-linux.c: create_ring(): calibrate req.tp_frame_size as in tpacket_rcv() (almost).

2011-03-22 Thread julm+tcpdump
From: Julien Moutinho
Symptom is a capture where caplen < len <= snaplen. For instance to reproduce:
% sudo tcpdump -U -w /tmp/lo.pcap -s 128 -i lo -n ip &
tcpdump: listening on lo, link-type EN10MB (Ethernet), capture size 128 bytes
% ping -c 1 -s $((-20-8+128)) 127.0.0.

[tcpdump-workers] [bug] [libpcap] pcap-linux.c: PACKET_MMAP: caplen < len <= snaplen.

2011-03-22 Thread julm+tcpdump
Hi there,
following is a patch trying to fix the bug described here: http://article.gmane.org/gmane.network.tcpdump.devel/4968
plus another patch, FYI only, which helped me to debug. Read the comments to know more.
You may also retrieve the patches with:
% git fetch git://195.88.84.18/~jul

Re: [tcpdump-workers] A possible bug in libpcap segfault + malloc + pcap_open_live + reproducible + libpcap0.[78] + Ubuntu karmic

2011-03-22 Thread Guy Harris
On Mar 22, 2011, at 12:28 AM, harish badrinath wrote:
> Each filter component is listed in a single line and the program would
> read the entire file and compress all the arguments to one single
> filter to be passed on to pcap_compile.
...and null-terminate it, right?

[tcpdump-workers] A possible bug in libpcap segfault + malloc + pcap_open_live + reproducible + libpcap0.[78] + Ubuntu karmic

2011-03-22 Thread harish badrinath
Hello,
I am customizing ngrep for an internal application. It basically would read the filter from a file instead of from the command line. I apologize in advance for the wall-o-text.
High level description of the modification: Each filter component is listed in a single line and the program would