On Nov 30, 2011, at 6:11 PM, Guy Harris wrote:
> However, even with the filter that *does* handle extension headers - "ip6
> protochain \tcp" (which has to be quoted so that the shell passes the
> backslash on to tcpdump) - it *still* isn't matching the first packet, so
> there's a bug of some
On Nov 30, 2011, at 4:17 AM, Shalom Kramer wrote:
> This will show you how the packet looks when tcpdump doesn't try to apply
> any filters.
*The* packet?
Those are two different packets; the filter "tcp" is, for some reason, failing
to match the first packet, but it's matching a subsequent pa
On Nov 27, 2011, at 10:51 PM, Max Filippov wrote:
> Looks like your mail has been delayed a bit.
Yes, there was apparently a glitch in the mailing list.
> Usually beacons are not sent as ordinary packets, so you cannot see
> them on their egress interface.
> Wireless driver is notified about be
Hi.
Looks like your mail has been delayed a bit.
> I am writing my own program, which will be running on a 802.11 AP, to capture
> all the outgoing beacons on the AP. But I just noticed I cannot do it with
> the current libpcap: the program couldn't capture any outbound beacons. I've
> also tr
On Nov 30, 2011, at 2:18 PM, Michael Richardson wrote:
> I was under the impression that some of the ring-buffer mechanisms need
> packets to be aligned on MMU-sized boundaries so that the kernel can
> play page-swapping games, rather than copying data.
I don't think it does page-flipping - it j
Buffers need to be aligned to the pages (for a number of reasons), but nothing
should prevent storing multiple packets within a single shared buffer (like BSD
does).
Have a nice day
GV
-Original Message-
From: tcpdump-workers-ow...@lists.tcpdump.org
[mailto:tcpdump-workers-ow...@lists.
I was under the impression that some of the ring-buffer mechanisms need
packets to be aligned on MMU-sized boundaries so that the kernel can
play page-swapping games, rather than copying data.
If that's the case, then much of memory isn't really in use, just
virtual address space.
--
] He
On Nov 30, 2011, at 9:55 AM, David Laight wrote:
> That doesn't preclude the use of variable sized buffers.
> There are several schemes that could have been used that
> have much the same logic, but allow variable sized buffers.
At least with the Linux design, there's a fixed ring buffer of desc
On Nov 30, 2011, at 2:40 AM, Fernando Gont wrote:
> Could you suggest a good reference for BPF syntax? -- So far I've only
> used pcap_compile() and hence didn't really get into BPF.
Well, for reference purposes, there's the original BPF paper:
http://www.tcpdump.org/papers/bpf-usenix93
On Nov 28, 2011, at 6:58 AM, Michael Richardson wrote:
> I think that this belongs in libpcap, in pcap-linux.c.
Yes, it does, and, in fact, it *is* there in the trunk and 1.2 branches (and
the 1.2.0 release), as per my response to the previous copy of Magnus's message
(presumably he resent it
On Wed, Nov 30, 2011 at 01:06:19PM +0100, Joerg Mayer wrote:
> On Mon, Nov 28, 2011 at 02:35:24PM -0500, abhinav narain wrote:
> > I am using libpcap on Openwrt platform, Netgear router wndr3700v2.
> > I am able to capture packets on phy0, interface.
> > But what should I do to capture packets on p
> "Lazarev" == Lazarev Dmitry writes:
Lazarev> Hello!
Lazarev> Can I offer binary version of tcpdump for my own needs? To
Lazarev> trace traffic on my own notebook?
Of course. Why would you think otherwise?
--
] He who is tired of Weird Al is tired of life! |
Tue, Nov 29, 2011 at 09:35:00PM CET, nicolas.2p.deb...@gmail.com wrote:
>On 29/11/2011 14:38, Thomas De Schampheleire wrote:
>>Hi,
>>
>>I'm seeing incorrect tcpdump output in the following scenario:
>>
>>* ethernet bonding enabled in the kernel, and a single network
>>interface (eth0) added as s
On 29/11/2011 14:38, Thomas De Schampheleire wrote:
Hi,
I'm seeing incorrect tcpdump output in the following scenario:
* ethernet bonding enabled in the kernel, and a single network
interface (eth0) added as slave
* bonding mode was set to broadcast, but I don't think this matters
* VLAN add
> "Magnus" == Magnus Gille writes:
Magnus> I came across an issue with tcpdump where the linux kernel
Magnus> couldn't allocate memory properly when we ran tcpdump -s 0
Magnus> on one of our boxes. Tcpdump sets snaplen to 65535 if -s 0
Magnus> is provided and this became a pro
> "Tom" == Tom Carly writes:
Tom> Hi,
Tom> I'm trying to compile tcpdump with libpcap-pfring. The libpcap
Tom> compilation went fine. With tcpdump compilation (./configure
Tom> and make) I get this error:
Is libpcap-pfring supposed to be built *with* libpcap, or instead of
> I didn't see any of the discussions about it, but my guess is
> that the intent was to have a fixed set of slots in the
> buffer, each one associated with a fixed header, so that most
> of the packet-receive loop can just look at the headers and
> process all "owned by userland" headers and
On Mon, 2011-11-28 at 14:35 -0500, abhinav narain wrote:
> I don't think I can use "any" interface as it might capture packets from
> bridge interface also !
I use bonding to re-combine traffic from the Tx and Rx of a passive
optical tap. You might be able to use the same technique. Here is an
ex
Hi,
I encountered a bug while trying to apply a filter to an ipv6 pcap which
contains IPv6 optional headers.
(link to pcap: http://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=view&target=http_over_ipv6_with_options.pcap )
To reproduce the bug simply run:
> *tcpdump -xx -c 1 -s 0 -r htt
On Mon, Nov 28, 2011 at 02:35:24PM -0500, abhinav narain wrote:
> I am using libpcap on Openwrt platform, Netgear router wndr3700v2.
> I am able to capture packets on phy0, interface.
> But what should I do to capture packets on phy0,phy1 simultaneously in the
> same program ?
>
> I don't think I
If you are willing to do this on a regular basis, the junkie sniffer [1]
(built atop libpcap) can do this with a somewhat complex command line
such as:
junkie -p /usr/local/lib/junkie/writer.so -i phy0 -i phy1 --file capture.pcap
If you are not doing this regularly, and considering you are doing
On 11/28/2011 02:49 PM, Guy Harris wrote:
>> 1. Captures and sends some packets 2. Does something else 3.
>> Captures and sends some packets
>>
>> I'd like to use the same libpcap descriptor (pcap_t *) for both
>> Step 1 and step 2 above, but I don't want libpcap to continue
>> capturing pack
On Wed, Nov 30, 2011 at 8:52 AM, Jiri Pirko wrote:
> Tue, Nov 29, 2011 at 09:35:00PM CET, nicolas.2p.deb...@gmail.com wrote:
>>On 29/11/2011 14:38, Thomas De Schampheleire wrote:
>>>Hi,
>>>
>>>I'm seeing incorrect tcpdump output in the following scenario:
>>>
>>>* ethernet bonding enabled in th
On Mon, Nov 28, 2011 at 11:35 AM, abhinav narain wrote:
> hi,
> I am using libpcap on Openwrt platform, Netgear router wndr3700v2.
> I am able to capture packets on phy0, interface.
> But what should I do to capture packets on phy0,phy1 simultaneously in the
> same program ?
>
> I don't think I ca