Re: [tcpdump-workers] What's the point of "oui Unknown"?

2014-10-22 Thread John Hawkinson
I have to say, the tcpdump output format has changed so much recently that I think anyone with scripts has to keep pretty far on top of it, but: What really bugged me was I had to go source diving to figure out why I was getting "oui Unknown." I suppose we could improve the documentation on this,

Re: [tcpdump-workers] What's the point of "oui Unknown"?

2014-10-22 Thread Michael Richardson
John Hawkinson wrote: >> In the interim, I suggest removing the word "oui", and also the >> "unknown" string. We'll report the things in our table, and just >> won't bother with bytes of output that don't help. > That was my original proposal. Do you want a patch? Yes. If someo

Re: [tcpdump-workers] What's the point of "oui Unknown"?

2014-10-22 Thread Michael Haardt
> | Obviously there are thousands of OUIs, and most are not going to ever > | be in tcpdump's list, and it seems like populating oui.c with 20,000 > | OUIs may not be the way to go. > | Thoughts? > > make it better ;-) - what do you suggest ? - pull in a OUI table frequently ? How about loading i

Re: [tcpdump-workers] Handling Corrupted Packets Inside Pcap Files?

2014-10-22 Thread Guy Harris
On Oct 18, 2014, at 4:12 AM, Hei Chan wrote: > Hi, > The first 3 packets are corrupted according to Wireshark. What is the exact message Wireshark reports? Can you send us the pcap file or make it available for downloading? > As soon as I read the first packet with pcap_next(), my application

Re: [tcpdump-workers] What's the point of "oui Unknown"?

2014-10-22 Thread Rick Jones
On 10/22/2014 10:29 AM, Michael Richardson wrote: Rick Jones wrote: >> It seems to me that without more robust support this is just annoying >> noise and, at the very least, the Unknown oui printing should be >> removed. >> >> Thoughts? > What would removing it do

Re: [tcpdump-workers] What's the point of "oui Unknown"?

2014-10-22 Thread Michael Richardson
Rick Jones wrote: >> It seems to me that without more robust support this is just annoying >> noise and, at the very least, the Unknown oui printing should be >> removed. >> >> Thoughts? > What would removing it do to scripts attempting to parse tcpdump > output? I'm

Re: [tcpdump-workers] What's the point of "oui Unknown"?

2014-10-22 Thread Rick Jones
On 10/12/2014 01:00 PM, John Hawkinson wrote: It seems to me that without more robust support this is just annoying noise and, at the very least, the Unknown oui printing should be removed. Thoughts? What would removing it do to scripts attempting to parse tcpdump output? rick jones _

Re: [tcpdump-workers] What's the point of "oui Unknown"?

2014-10-22 Thread Michael Richardson
Hannes Gredler wrote: > | Because this feels like a half-implemented feature that turns into | > an annoyance. Can we just remove the "Unknown" printing? > i don't find it annoying ;-) - also it appears that this is the first > "annoyance" report after 9 years. > | I also do

Re: [tcpdump-workers] What's the point of "oui Unknown"?

2014-10-22 Thread Hannes Gredler
On Sun, Oct 19, 2014 at 05:47:41PM -0400, John Hawkinson wrote: | Hannes Gredler wrote on Sun, 19 Oct 2014 | at 23:11:56 +0200 in <20141019211156.GA90046@hannes-mba.local>: | | > make it better ;-) - what do you suggest ? - pull in a OUI table frequently ? | | As I said, I think: | | > | the U

Re: [tcpdump-workers] What's the point of "oui Unknown"?

2014-10-22 Thread John Hawkinson
Hannes Gredler wrote on Sun, 19 Oct 2014 at 23:11:56 +0200 in <20141019211156.GA90046@hannes-mba.local>: > make it better ;-) - what do you suggest ? - pull in a OUI table frequently ? As I said, I think: > | the Unknown oui printing should be removed. Because this feels like a half-implemente

Re: [tcpdump-workers] What's the point of "oui Unknown"?

2014-10-22 Thread Hannes Gredler
On Sun, Oct 12, 2014 at 04:00:57PM -0400, John Hawkinson wrote: | I guess it's been a long time since I've run tcpdump -e. | On an 802.11 packet, I see: | | 15:47:26.928534 0us BSSID:58:f3:9c:e5:a2:cf (oui Unknown) DA:Broadcast | SA:58:f3:9c:e5:a2:cf (oui Unknown) Beacon (MIT N) [18.0 24.0* 36.0 4

[tcpdump-workers] Handling Corrupted Packets Inside Pcap Files?

2014-10-22 Thread Hei Chan
Hi, The first 3 packets are corrupted according to Wireshark. As soon as I read the first packet with pcap_next(), my application gets a coredump. Is it an expected behavior? If not, what's the correct/better usage to get around it? Thanks in advance. Cheers, Hei P.S. I am using libpcap 1.4