Re: [tcpdump-workers] How to daemonize tcpdump

2008-05-28 Thread Bruce M Simpson
Bruce M Simpson wrote: I once hacked its predecessor trafd to export its counters via SNMP. It's a bit frustrating that RMON never really got opened up. Actually someone has rolled a libpcap and Net-SNMP based RMON module: http://www.nongnu.org/ramon/ Seems quite pre-alpha though.

Re: [tcpdump-workers] How to daemonize tcpdump

2008-05-26 Thread Bruce M Simpson
Chris Pawelko wrote: Good afternoon, Has anybody heard of or had run tcpdump as a daemon? If so are there any instructions? You probably want bpft, not tcpdump. I once hacked its predecessor trafd to export its counters via SNMP. It's a bit frustrating that RMON never really got opened up.

Re: [tcpdump-workers] [Patch] tcpdump probabilistic sampling

2008-04-02 Thread Bruce M Simpson
Jesse Kempf wrote: Hi, So tcpdump tends to jam up the terminal a bit when you try to dump on a saturated gigabit link. I've added a -P option to tcpdump that lets you specify a probability for tcpdump to print each packet. It uses drand48() to figure out whether each packet captured should be

Re: [tcpdump-workers] next release of libpcap

2008-03-25 Thread Bruce M Simpson
+1 here. Zero copy BPF has just gone into FreeBSD-CURRENT. It would be great to have a snap which can do this too. Christian Peron (CC'd) has been responsible for the code. cheers BMS - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.

Re: [tcpdump-workers] Fix pcap-linux.c compilation with non-glibc

2008-03-01 Thread Bruce M Simpson
Kris Katterjohn wrote: | I've attached a patch, and submitted it to the SF.net tracker, to check | for socklen_t in configure. pcap-linux.c is the only file that uses it, | but the #ifndef test to check if it's already defined or not is broken. | | Currently it assumes that glibc is the onl

Re: [tcpdump-workers] ETHERMTU

2007-09-05 Thread Bruce M Simpson
Saikiran Madugula wrote: Am extremely sorry for replying to a mail in the list. I was hoping to change the subject, but missed it. Re-sending as new email. --- Original Mail--- gencode.c in libpcap defines ETHERMTU as 1500, is it good to redefine what standard linux does ? Eg in net/ethernet.h

Re: [tcpdump-workers] RFC: Add multicast reception API to libpcap

2007-08-25 Thread Bruce M. Simpson
Rick Jones wrote: So this is meant to enable receipt of specific multicasts and not receipt of all multicasts right? Is that a particularly "pcappy" thing? Correct. I believe it logically belongs with pcap, as it is something which may well be required if using pcap as the link-layer API.

[tcpdump-workers] RFC: Add multicast reception API to libpcap

2007-08-24 Thread Bruce M Simpson
s very much solicited and appreciated. regards, BMS --- Begin Message --- Bruce M Simpson <[EMAIL PROTECTED]> wrote: > (Cc:ing Pavlin as he did the XORP pcap socket support to facilitate IS-IS) > > Sam Leffler wrote: > >> > >> Tapping BPF in-kernel does not automati

Re: [tcpdump-workers] tcpdump v3.9.6 archive incorrect version ?

2007-07-17 Thread Bruce M Simpson
Michael Richardson wrote: Gianluca> Wasn't there supposed to be a x.9.7 release due a couple Gianluca> weeks ago, fixing the issue? That was my plan. The tcpdump 3.9.6 archive still appears to contain tcpdump 3.9.5. Any plans to take this forward? Or a rough time estimate of when

Re: [tcpdump-workers] tcpdump v3.9.6 archive incorrect version ?

2007-07-07 Thread Bruce M Simpson
Gianluca Varenni wrote: Wasn't there supposed to be a x.9.7 release due a couple weeks ago, fixing the issue? fetch: http://www.tcpdump.org/release/tcpdump-3.9.7.tar.gz: Not Found

Re: [tcpdump-workers] tcpdump v3.9.6 archive incorrect version ?

2007-07-06 Thread Bruce M Simpson
I just noticed this too, as I started rolling the FreeBSD port for 3.9.6/0.9.6. BMS rmkml wrote: Hello, I downloaded last tcpdump v3.9.6 (http://www.tcpdump.org/release/tcpdump-3.9.6.tar.gz), sha256 cksum : 242b27388ada00d0c40097cef0d56ac5bdbb0a5d81dffb480cdd91b109e10d8d tcpdump-3.9.6.tar.

Re: [tcpdump-workers] tcpdump/pcap 1-of-S sampling

2007-05-26 Thread Bruce M Simpson
kevin brintnall wrote: Hi, I would like to add a feature to tcpdump/pcap to only capture 1/S packets for some positive integer S. For example, this would be useful for traffic analysis on DNS servers where it's not feasible or desirable to capture every single packet. I believe this featur

Re: [tcpdump-workers] Tools for stripping parts of a pcap file?

2007-05-13 Thread Bruce M. Simpson
[EMAIL PROTECTED] wrote: Command line would be preferred. But I'm also wondering if maybe what I wanted to do here was misunderstood. I don't want to simply pick all the GRE packets and save those in pcap format. I want to pick the GRE packets and save them *without* the outer IP + GRE header, in

Re: [tcpdump-workers] USB support in libpcap

2007-03-26 Thread Bruce M Simpson
Michael Richardson wrote: Okay, so if the point is to do a network capture from a USB attached wifi, why not just capture the 802.11 frames themselves into the already standardized frame formats we have? Aren't people already working on bringing things like the radiotap DLT into Linux by wa

Re: [tcpdump-workers] where does PCAP timestamp before or after the MAC scheduler?

2006-03-30 Thread Bruce M Simpson
On Thu, Mar 30, 2006 at 12:17:47PM +0200, Debrei Gabor wrote: > We want to compare 802.11 MAC schedulers performance, to decide > how much the Media Access takes. > > We want to know where/when does PCAP put the timestamp (from not > so accurate kernel time) on to the packets. I already know, i

Re: [tcpdump-workers] TCDUMP enhancement for DSR (dynamic source routing)?

2006-03-17 Thread Bruce M Simpson
On Fri, Mar 17, 2006 at 01:46:14PM +0100, Grepet Cyril wrote: > I'm actually working on Ad hoc protocols, particularly on Dynamic Source > Routing (DSR) protocol. Cool! Do you plan to do any Layer 2 ad-hoc work? > For my study, I want to use tcpdump to filter DSR packet between several > impleme

Re: [tcpdump-workers] pcap_dispatch() blocks forever on FreeBSD 4.11 + em

2006-03-01 Thread Bruce M Simpson
On Wed, Mar 01, 2006 at 12:04:39PM +0100, Ragnar Lonn wrote: > Can anyone give me some ideas about where I should be looking to find/fix > this problem or if there is any probable workaround? The em(4) driver, probably. Locking on 4.x is quite different -- the kernel in 4.x is not preemptive and u

Re: [tcpdump-workers] any way to write datalink packets?

2006-02-21 Thread Bruce M Simpson
On Wed, Feb 22, 2006 at 08:37:18AM +0800, kashif javed wrote: > I am using RedHat Linux 9.0 and its version of pcap doesn't support the > apis mentioned by you pcap_inject() and pcap_sendpacket() . So I tried > downloading libpcap 0.9.4 from and it does support the two > aforementioned apis. Now I a

Re: [tcpdump-workers] tcpdump -T output format

2006-02-19 Thread Bruce M Simpson
On Sun, Feb 19, 2006 at 07:53:59PM +0530, Latha G wrote: > Please any one help me to understand the tcpdump -T option.. Try capturing rtp/rtcp flows e.g. for Voice-over-IP. Regards, BMS

[tcpdump-workers] XORP, Win32, libpcap, and MSVCRT.DLL

2005-06-07 Thread Bruce M Simpson
Hi, This is a bit of a long mail, so I'll address some of the points raised in a previous thread, and raise some of my own. MSVCRT.DLL -- MinGW uses MSVCRT.DLL explicitly. The newer MS VC++ compilers do not. They may be configured to do so. The rule is -- don't mix runtime versions, and

Re: [tcpdump-workers] pcap_dump_file & CO

2005-06-07 Thread Bruce M Simpson
On Tue, Jun 07, 2005 at 12:26:11AM -0700, Guy Harris wrote: > >Personally, I never use CRTDLL.LIB/MSVCRT.LIB, because in this case I'm > >forced to distribute my application with tons of DLL (MSVC*.DLL), which are > >far bigger than the application itself. > >Therefore, I'm always using the standar

Re: [tcpdump-workers] pcap next gerneration / adding communication

2005-04-08 Thread Bruce M Simpson
On Fri, Apr 08, 2005 at 11:57:33AM +0200, Pilz Rene wrote: > I want to add a feature where someone can connect and use a > network-interface of a remote computer to capture data. As ronnie > sahlberg has already pointed out in the ethereal list, > authentication and authorization should be one of t

Re: [tcpdump-workers] support of sctp in filters

2004-12-14 Thread Bruce M Simpson
On Tue, Dec 14, 2004 at 04:30:36PM +0100, Ariel Burbaickij wrote: > Hello dear mailing list participants, > are there any plans to support > sctp for capture filters? tcpdump -X -i ip proto sctp Of course, if you mean dumping sctp traffic in a human-readable manner, that is quite different. BMS

Re: [tcpdump-workers] x.9 branch

2004-10-07 Thread Bruce M Simpson
On Fri, Sep 24, 2004 at 03:02:07PM +0200, Hannes Gredler wrote: > any suggestion for a x.9 branch date ? what about 31-oct-04 ? I guess this isn't going to be in time for FreeBSD 5.3, but no biggie. Any further thoughts on a date for a new release cycle? Regards, BMS

Re: [tcpdump-workers] handling tcp retransmissions with libpcap

2004-09-23 Thread Bruce M Simpson
On Thu, Sep 23, 2004 at 01:29:33PM +0100, Andy Coates wittered thus: > I've been trying to read some tcp payloads from a dump file > generated by tcpdump. Everything has been going smoothly until > I encounter tcp segment losses and tcp retransmissions. By 'read some tcp payloads' I assume you're

Re: [tcpdump-workers] "final" radiotap patch for tcpdump

2004-09-22 Thread Bruce M Simpson
On Sun, Sep 19, 2004 at 05:32:12PM -0700, Guy Harris wrote: > >Looks good to me, at least for the top-of-tree (where we require that > >the platform support 64-bit integers, and where we define u_int64_t to > >be an unsigned 64-bit integer type). It would be nice if we could get this committed and

[tcpdump-workers] [PATCH] Add ioctl to disable bpf timestamping

2004-09-08 Thread Bruce M Simpson
Here's a patch against 5.3 to add a per-instance switch which allows the user to specify if captured packets should be timestamped (and, if so, whether microtime() or the faster but less accurate getmicrotime() call should be used). Comments/flames/etc to the usual... BMS Index: bpf.c ===

Re: [tcpdump-workers] Max OS-X issues: read privledges / bpf buffer

2004-09-03 Thread Bruce M Simpson
Hi, On Fri, Sep 03, 2004 at 11:41:42AM -0700, Guy Harris wrote: > >One last thing, I noticed in some other mails this month that > >eliminating timestamping will increase performance of bpf. I don't use > >this feature of bpf, is there a way for me to turn it off in Darwin? > > I suspect they

Re: [tcpdump-workers] capturing packets in many concurrent processes

2004-07-06 Thread Bruce M Simpson
On Tue, Jul 06, 2004 at 06:11:06PM -0700, Anthony D. Minkoff wrote: > I'm implementing several programs that use libpcap to monitor and > analyze network traffic. I understand that each of these programs uses > a BPF device, so that the number of such processes I can have running > on a system