On Sep 13, 2011, at 8:47 PM, Jon Schipp wrote:
> I have a few questions, hopefully someone can set me straight.
> Info: *I'm on FreeBSD 8.2* *out of a couple million packets, in a few hours
> time, I drop around 4000*
> First off are all packets stored in mbufs?
With most network drivers, I thin
On Sep 13, 2011, at 11:16 PM, Erik Hjelmvik wrote:
> The reason for why it would be great to have in tcpdump is because
> tcpdump is an ubiquitous tool that is available practically everywere.
tcpdump-with-pcap-over-IP-support is a non-existent tool that is available
nowhere. :-)
If the tcpdum
2011/9/13 Guy Harris :
> It sounds as if you mean "pcap-over-IP server" here, in that tcpdump would
> send network traffic over the wire to a client, such as {tcpdump, Wireshark,
> NetworkMiner, etc.}.
Well, you are right in that my idea was for tcpdump to send libpcap
data over TCP to another m
Hey guys,
I have a few questions, hopefully someone can set me straight.
Info: *I'm on FreeBSD 8.2* *out of a couple million packets, in a few hours
time, I drop around 4000*
First off are all packets stored in mbufs?
And if so, is it possible to increase the amount of mbuf clusters to improve
tcp
On Sep 6, 2011, at 11:01 PM,
wrote:
>
>> Will there ever be both "normal mode" and "transparent mode" packets
> in
>> the same capture file? If not, perhaps transparent mode should have
> its
>> own link-layer type value.
>
> The two modes will never be mixed up in one file. Having a second
On Sep 13, 2011, at 12:47 PM, Erik Hjelmvik wrote:
> What do you guys think? Would it be relevant to implement a
> Pcap-over-IP client in tcpdump?
It sounds as if you mean "pcap-over-IP server" here, in that tcpdump would send
network traffic over the wire to a client, such as {tcpdump, Wiresha
Hi all,
I've been using tcpdump and netcat to achieve what I call
"Pcap-over-IP", as described here:
http://www.netresec.com/?page=Blog&month=2011-09&post=Pcap-over-IP-in-NetworkMiner
This is a very simple solution that allows me to capture network
traffic from remote devices, such as firewalls e
> "Rick" == Rick Jones writes:
>> I think that this is a bit low, so double it.
>>
Rick> While that would be considerably higher than the current
Rick> tcpdump-workers email rate (as I perceive it, not actually
Rick> measured) it does not strike me as an onerous level of
> "Rick" == Rick Jones writes:
>> Guy and I were discussing adding post-commit hooks to the repos
>> to send out summaries of activities.
>>
>> Is there an objection if they go to this list? Or do people
>> prefer a new list?
>>
>> I note that the github.com/mcr
On 09/13/2011 07:22 AM, Michael Richardson wrote:
"Rick" == Rick Jones writes:
>> Guy and I were discussing adding post-commit hooks to the repos
>> to send out summaries of activities.
>>
>> Is there an objection if they go to this list? Or do people
>> prefer a n
10 matches
Mail list logo
