Guy Harris wrote:
>
> On Jul 10, 2011, at 6:57 PM, Geoffrey Sisson wrote:
>
> > The catch is that domain names comprise a variable number of
> > variable-length fields.
>
> ...and include pointers back to other labels, for compression.
It's unlikely this would be used for much besides filtering
There are many factors that make the timestamps an approximation. In addition
to the ones already mentioned, the timestamp is typically taken several kernel
layers higher than the driver.
You can avoid these approximations on Linux by using tcpdump -j / -J with a NIC
that is capable of hard
On Jul 10, 2011, at 6:57 PM, Geoffrey Sisson wrote:
> The catch is that domain names comprise a variable number of
> variable-length fields.
...and include pointers back to other labels, for compression.
If the queries you're can be expressed in a syntax that could be added to the
libpcap filt