On Apr 4, 2011, at 10:09 PM, Darren Reed wrote:
> Is there a DLT type for "plain text"?
No.
> That is, can I record or insert text based comments or other data to a pcap
> file?
No, but you can record them in a pcap-NG file.
The tradeoffs:
With LINKTYPE_PPI+LINKTYPE_TEXT, with no ch
Is there a DLT type for "plain text"?
That is, can I record or insert text based comments or other data to a
pcap file?
Why could or would this be significant?
Well, if I was using DLT_PPI that allows multiple types of packets to be
recorded in a single file, why can't one of those DLT's be
Hi Guy,
Thanks for the email.
> (No, the "any" device doesn't give you Ethernet packets, even if, at the
> time you start the capture, the only interfaces on your machine are Ethernet
> interfaces. If you want to capture on a particular Ethernet device, use its
> name, e.g. "eth0", in which cas
On Apr 4, 2011, at 12:15 PM, Rick Jones wrote:
> The former is easy enough - attached is a compressed pcap file with 30
> captured PDUs which can be used for testing. They are all just counter
> samples, there are no flow samples. Also attached is a compressed
> "cooked" file with the correct o
On Apr 4, 2011, at 12:15 PM, Rick Jones wrote:
> As for the latter, I don't have some of the pre-reqs installed:
>
> raj@tardy:~/tcpdump$ make check
> uudecode --help || (echo "No uudecode program found, not running tests";
> echo "apt-get/rpm install sharutils?"; exit 1)
> /bin/sh: uudecode: no
On Sun, 2011-04-03 at 20:27 +0200, Michael Richardson wrote:
> > "Rick" == Rick Jones writes:
> Rick> tcpdump 4.1.1, and 4.3.0-PRE-GIT_2011_04_01 prints just one
> Rick> expanded counter sample per captured PDU because it mistakenly
> Rick> skips forward sflow_sample_len when it ha
On Fri, 2011-04-01 at 20:11 -0700, Guy Harris wrote:
> On Apr 1, 2011, at 6:03 PM, Rick Jones wrote:
>
> > tcpdump 4.1.1, and 4.3.0-PRE-GIT_2011_04_01 prints just one expanded
> > counter sample per captured PDU because it mistakenly skips forward
> > sflow_sample_len when it has already adjusted
On Apr 3, 2011, at 11:38 PM, Andrej van der Zee wrote:
> I am trying to get started with a live capture using libpcap. Somehow I
> cannot get the contents of a packet. It seems that all bytes are zeroed.
> Here is the source code:
...
> void callback(u_char * user, const struct pcap_pkt
