One consideration here: the behavior or the "vlan" keyword, although extremely
confusing and honestly brain damaged, has been there for multiple years, and
there are probably a number of tools relying on this confusing behavior.
Changing it might mean breaking some existing applications.
Earlie
Behalf Of Bill Fenner
Sent: Monday, February 04, 2013 2:40 PM
To: Gianluca Varenni
Cc: Guy Harris; Michael Richardson; tcpdump-workers@lists.tcpdump.org;
Francesco Ruggeri
Subject: Re: [tcpdump-workers] "not vlan" filter expression broken
catastrophically!
On Sat, Feb 2, 2013 at 1
you guys think?
Have a nice day
GV
-Original Message-
From: Guy Harris [mailto:g...@alum.mit.edu]
Sent: Friday, February 01, 2013 6:19 PM
To: Bill Fenner
Cc: Gianluca Varenni; Michael Richardson; tcpdump-workers@lists.tcpdump.org;
Francesco Ruggeri
Subject: Re: [tcpdump-workers] "not vla
, 2013 12:51 PM
To: Gianluca Varenni
Cc: Bill Fenner; Michael Richardson; tcpdump-workers@lists.tcpdump.org;
Francesco Ruggeri
Subject: Re: [tcpdump-workers] "not vlan" filter expression broken
catastrophically!
I'd like to point out that vlan filtering in general is completely brok
AM
To: Gianluca Varenni
Cc: Ani Sinha; tcpdump-workers@lists.tcpdump.org; Michael Richardson; Francesco
Ruggeri
Subject: Re: [tcpdump-workers] "not vlan" filter expression broken
catastrophically!
On Thu, Jan 31, 2013 at 7:20 PM, Gianluca Varenni
wrote:
> To be totally honest, I th
To be totally honest, I think the whole way in which vlans are managed in the
filters is quite nonsense. The underlying problem is that normally a BPF filter
is an "or" or "and" combination of disjoint filters, so if I write "filterA" or
"filterB" I assume that the two filters are disjoints, so
I've actually seen a similar problem with different NIC drivers, e.g. on RHEL6
running in ESXi 4 with the vmxnet3 drivers.
http://article.gmane.org/gmane.network.tcpdump.devel/5703
GV
-Original Message-
From: tcpdump-workers-ow...@lists.tcpdump.org
[mailto:tcpdump-workers-ow...@lists.t
pdump-workers-ow...@lists.tcpdump.org] On Behalf Of Guy Harris
Sent: Sunday, January 15, 2012 6:50 PM
To: tcpdump-workers@lists.tcpdump.org
Subject: Re: [tcpdump-workers] Snaplen (git-latest) not working properly on
linux
On Jan 15, 2012, at 6:44 PM, Gianluca Varenni wrote:
> Hi all.
>
>
Hi all.
It looks like there is a bug in handling a snaplen of 1500 on linux (with mmap
on). If I set a snaplen of 1500 and receive packets > 1500 (e.g. 1514), libpcap
returns only 1498 as caplen, and not 1500.
Libpcap latest on git (1.3.0-PRE-GIT_2012_01_15)
Linux RHEL6, kernel 2.6.32-131.21.1.
When you talk about 15% RAM, do you actually mean working set or virtual
address space? Which version of linux are you using?
Regarding 802.11a/b/g/n, you cannot rely much on the radiotap header of a
beacon frame. The radiotap header will only tell you which band was the packet
transmitted on (
: [tcpdump-workers] Bug in the BPF compiler optimizer
On Dec 6, 2011, at 5:47 PM, Gianluca Varenni wrote:
> It looks like there is a bug in the optimizer of the BPF compiler, both in
> 1.0 and trunk on git. If you try to compile the following filter,
> pcap_compile goes into some endles
Hi all,
It looks like there is a bug in the optimizer of the BPF compiler, both in 1.0
and trunk on git. If you try to compile the following filter, pcap_compile goes
into some endless loop in bpf_optimize and never exits. If optimization is
disabled the filter is correctly compiled.
((ether[0
Buffers nees to be aligned to the pages (for a number of reasons), but nothing
should prevent storing multiple packets within a single shared buffer (like BSD
does).
Have a nice day
GV
-Original Message-
From: tcpdump-workers-ow...@lists.tcpdump.org
[mailto:tcpdump-workers-ow...@lists.
Is there a specific reason why shared memory is implemented in such a way that
frame buffers are allocated based on the maximum frame supported frame size
(+junk, see 802.11)? In virtualized environments or in general when you have HW
offloading, the maximum frame size seen by the kernel tap is
A comment on this. In the last couple of years I've been actually thinking of
dumping the rpcap support out of WinPcap. The reason is that such code is
pretty much unmaintained, I struggle to have the patch compile on Windows every
time, let linux (and all the other OSes supported by libpcap) as
I would just perform the capture in a separate thread.
Have a nice day
GV
-Original Message-
From: tcpdump-workers-ow...@lists.tcpdump.org
[mailto:tcpdump-workers-ow...@lists.tcpdump.org] On Behalf Of Jeff Garrett
Sent: Thursday, May 05, 2011 8:30 AM
To: tcpdump-workers@lists.tcpdump.org
This is what PPI does.
http://www.cacetech.com/documents/PPI%20Header%20format%201.0.10.pdf
There is already a DLT for PPI (DLT_PPI). The only difference from your
solution is that the minimum header before the packet is 8 bytes (instead of
4). The advantage is that Wireshark already supports
This is what PPI does.
http://www.cacetech.com/documents/PPI%20Header%20format%201.0.10.pdf
There is already a DLT for PPI (DLT_PPI). The only difference from your
solution is that the minimum header before the packet is 8 bytes (instead of
4). The advantage is that Wireshark already supports
More easily: take a capture file containing TCP packets, and run it thru
tcpdump and thru your application. Send what tcpdump reports and what your
application reports.
GV
--
From: "Eloy Paris"
Sent: Thursday, August 19, 2010 2:43 PM
To:
Subjec
--
From: "Andrej van der Zee"
Sent: Thursday, August 19, 2010 7:23 AM
To:
Subject: [tcpdump-workers] tcp sequence and ack number with libpcap
Hi,
I am trying to get the TCP sequence and ack number of TCP packets. Somehow
I
get different values
--
From: "Madhusudan KR"
Sent: Tuesday, April 27, 2010 7:29 AM
To:
Subject: [tcpdump-workers] capturing packets
Hi,
I have a system which has two ethernet interfaces, namely eth0 and eth1.
I need to capture the packets from both the interfaces
What happened to the release?
Have a nice day
GV
--
From: "Michael Richardson"
Sent: Thursday, March 11, 2010 7:37 PM
To:
Cc: "Guy Harris" ; "Ken Bantoft" ;
"Gianluca Varenni"
Subject: Re: [tcpdump-wor
08, 2010 11:59 AM
To:
Subject: Re: [tcpdump-workers] Release schedule?
"Gianluca" == Gianluca Varenni
writes:
Gianluca> Can we wait until tomorrow for the release? I fixed a
Gianluca> minor compilation issue of tcpdump under Windows and I
Gianluca> want to add t
Can we wait until tomorrow for the release? I fixed a minor compilation
issue of tcpdump under Windows and I want to add the VS2005 projects to the
repository as well.
Have a nice day
GV
--
From: "Michael Richardson"
Sent: Sunday, March 07, 2010
Just to add to that, we use pcap_next_ex all the time for capturing at
gigabit rates (millions of packets per second) without any performance
issue.
Have a nice day
GV
--
From: "Guy Harris"
Sent: Friday, March 05, 2010 11:57 AM
To:
Subject: Re
What is the value of filter?
GV
- Original Message -
From: "Adayadil Thomas"
To:
Sent: Thursday, October 29, 2009 8:23 AM
Subject: [tcpdump-workers] Debugging an issue with
pcap_compile/pcap_setfilter
Hi All,
I have a program that uses libpcap to read and analyze packets.
Libpc
- Original Message -
From: "Abdelrazak Younes"
To: "Aaron Turner"
Cc:
Sent: Tuesday, October 27, 2009 6:04 AM
Subject: Re: [tcpdump-workers] pcap_findalldevs() failing on FreeBSD 7.2
Hello Aaron,
Aaron Turner wrote:
I've got a user of tcpreplay having issues where his interfaces
Presumably aligned(8) means "align on an 8-byte boundary"; if canid_t
is a 32-bit quantity, then there should be 3 bytes of padding on *all*
platforms.
However, if you're using DLT_CAN20B, what matters here is what
*existing* software that uses DLT_CAN20B expects; you would have to
arra
different DLT_ value, e.g. DLT_CAN20B_LINUX or DLT_CAN20B_SOCKETCAN or
something such as that.
Gianluca, what does the header look like in a DLT_CAN20B packet?
Yes, I agree with you. I searched arround for software that uses that
DLT, but did not find anything...
My intention was to avoid to re
However, if you're using DLT_CAN20B, what matters here is what *existing*
software that uses DLT_CAN20B expects; you would have to arrange to make
the frame look like that, regardless of whether it matches "struct
can_frame" or not, or you would have to request a different DLT_ value,
e.g
- Original Message -
From: "Michael Richardson"
To:
Sent: Tuesday, July 21, 2009 7:02 PM
Subject: Re: [tcpdump-workers] Any chance of getting tcpdump 4.0.1/libpcap
1.0.1 out?
"Gianluca" == Gianluca Varenni writes:
Gianluca> Michael, Ken,
Gi
y 15, 2009 1:38 PM
Subject: Re: [tcpdump-workers] Any chance of getting tcpdump 4.0.1/libpcap
1.0.1 out?
On Jul 15, 2009, at 1:12 PM, Gianluca Varenni wrote:
There were a couple of commits lately, including some bug fixes to the
USB-linux code.
The bug fixes I've been doing have j
What do you mean by "it doesn't work correctly"?
1. compilation problems?
2. linking problems?
3. the application runs but fails to list the adapters?
4. the application runs, you can open the adapter but you dont capture any
packet?
5. the application runs and captures but it eventually crash
There were a couple of commits lately, including some bug fixes to the
USB-linux code.
Have a nice day
GV
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
ossible to embed all those variables in some
structure and pass them as parameters to the compiler, but I'm not exactly
experienced with reentrant parsers with flex.
Just my two cents
GV
- Original Message -
From: "Gianluca Varenni"
To:
Sent: Thursday, July 09, 2009 5:54
Thanks Guy!
GV
- Original Message -
From: "Guy Harris"
To:
Sent: Saturday, July 11, 2009 2:10 PM
Subject: Re: [tcpdump-workers] Memory leak in libpcap (top of tree) and/or
kernel
On Jul 10, 2009, at 5:09 PM, Gianluca Varenni wrote:
I think the routine usb_cleanup_
- Original Message -
From: "Guy Harris"
To:
Sent: Friday, July 10, 2009 3:45 PM
Subject: Re: [tcpdump-workers] Memory leak in libpcap (top of tree) and/or
kernel
On Jul 10, 2009, at 3:35 PM, Gianluca Varenni wrote:
I just discovered an interesting leak with the libpc
Hi all.
I just discovered an interesting leak with the libpcap 1.0 or the current
top-of-tree.
On Fedora 10, kernel 2.6.27.5 or 2.6.27.12, there is a memory leak by which
a simple program like this one will eventually use all the memory on the
system (as reported by top) and eventually the a
- Original Message -
From: "Guy Harris"
To:
Sent: Thursday, July 09, 2009 5:45 PM
Subject: Re: [tcpdump-workers] [Fwd: Re: Thread Safe Lexer]
On Jul 9, 2009, at 3:34 PM, Gianluca Varenni wrote:
This actually makes sense to me (I actually have the same problem
with Wi
- Original Message -
From: "Sam Roberts"
To:
Sent: Thursday, July 02, 2009 11:14 AM
Subject: Re: [tcpdump-workers] [Fwd: Re: Thread Safe Lexer]
On Wed, Jul 1, 2009 at 12:32 PM, Eloy Paris wrote:
Do we use Flex and Bison on all supported platforms, or we have things
setup so we use t
- Original Message -
From: "Guy Harris"
To:
Sent: Wednesday, July 01, 2009 12:47 PM
Subject: Re: [tcpdump-workers] [Fwd: Re: Thread Safe Lexer]
On Jul 1, 2009, at 12:04 PM, Behdad Forghani wrote:
Gianluca asked me to forward this to the mailing list. During
Sharkfest09 he had me
t another
set, and ask MCR to sign them ;)
Ken
On 29-Apr-09, at 11:29 AM, Gianluca Varenni wrote:
Have a nice day
GV
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
Have a nice day
GV
smime.p7s
Description: S/MIME cryptographic signature
The file "signature.h" seems to be missing from the tcpdump package, so
tcpdump does not compile (well, WinDump).
Is this file supposed to be part of a standard *nix distribution?
Have a nice day
GV
- Original Message -
From: "Ken Bantoft"
To:
Sent: Wednesday, March 25, 2009 7:22 A
dress with pcap/winpcap
On Mar 4, 2009, at 9:19 AM, Gianluca Varenni wrote:
In the case of Windows/WinPcap, we have an internal Packet API to get
the MAC address, the main problem is exposing such MAC address at the
pcap API level. I actually didn't know that findalldevs was ret
- Original Message -
From: "Chris Morgan"
To:
Sent: Tuesday, March 03, 2009 7:33 PM
Subject: Re: [tcpdump-workers] Hardware mac address with pcap/winpcap
...
Is the development of pcap such that such a feature might be present
in the next several months? Even something that would w
- Original Message -
From: "Guy Harris"
To:
Sent: Friday, February 06, 2009 11:06 AM
Subject: Re: [tcpdump-workers] start pcap in two thread
On Feb 6, 2009, at 7:24 AM, David Andrey wrote:
Can 2 threads (in the same process) start each one a sniffing session
on the same interfa
- Original Message -
From: "Guy Harris"
To:
Sent: Sunday, December 21, 2008 12:26 PM
Subject: Re: [tcpdump-workers] TCPDUMP 4.0.1rc1 and LIBPCAP 1.0.1rc1
available for testing
On Dec 21, 2008, at 1:25 AM, Gianluca Varenni wrote:
When I run it, I get
./a.out: e
I have some problems using the shared version of libpcap.
Environment: fresh installation of a Debian 4.0r5 x86
I compiled the 1.0.1rc1 sources with
make shared;make install;make install-shared
(BTW, you need to run both "install" and "install-shared" because the latter
doesn't install the in
- Original Message -
From: "Abdelrazak Younes" <[EMAIL PROTECTED]>
To:
Sent: Tuesday, December 09, 2008 7:05 AM
Subject: [tcpdump-workers] pcap_findalldevs_ex() and libpcap
Hello there,
I am slowly learning libcap which I find quite useful, thanks a lot to the
authors.
I have th
Libpcap as-is does not compile within cygwin. You need to use WinPcap. The
WinPcap devpack does provide the necessary lib files for the cygwin build
environment.
http://www.winpcap.org/devel.htm
Hope it helps
GV
- Original Message -
From: "Sa-nga Chotikapakorn" <[EMAIL PROTECTED]>
- Original Message -
From: "Ben Greear" <[EMAIL PROTECTED]>
To:
Sent: Thursday, November 13, 2008 9:38 PM
Subject: Re: [tcpdump-workers] libpcap & poll()
Aaron Turner wrote:
On Thu, Nov 13, 2008 at 8:15 PM, Ben Greear <[EMAIL PROTECTED]>
wrote:
I guess you have some way of knowin
- Original Message -
From: "Eloy Paris" <[EMAIL PROTECTED]>
To:
Sent: Thursday, November 13, 2008 3:24 PM
Subject: Re: [tcpdump-workers] libpcap & poll()
Hi Ben,
On Thu, Nov 13, 2008 at 03:13:05PM -0800, Ben Greear wrote:
[...]
The code above works on Solaris, but does not work
Same for the CVS, which is AFAIK hosted on the same machine.
Have a nice day
GV
smime.p7s
Description: S/MIME cryptographic signature
- Original Message -
From: "Guy Harris" <[EMAIL PROTECTED]>
To:
Sent: Wednesday, April 09, 2008 3:48 PM
Subject: Re: [tcpdump-workers] Libpcap 1.0, WinPcap and documentation
Gianluca Varenni wrote:
Within WinPcap I have a big problem in generating the docume
Hi all.
I've just seen that all the documentation of libpcap has been migrated from
a single pcap.3 file to single .3pcap files, one per function (more or
less).
Within WinPcap I have a big problem in generating the documentation. Within
WinPcap we generate html with doxygen out of an (outda
eady a DLT named DLT_CAN20B, there is no need for another
CAN DLT.
You should probably ask Gianluca Varenni whether the format they use at
CACE Technologies matches the format you want to use, if you haven't done
so already.
-
This is the tcpdump-workers list.
Visit https://cod.sandelma
- Original Message -
From: "alexander medvedev" <[EMAIL PROTECTED]>
To:
Sent: Wednesday, January 30, 2008 8:48 AM
Subject: [tcpdump-workers] libpcap 1.0 q
Hi,
I am also interested in when libpcap 1.0 will be out.
Could I know more about its features?
Will it support the next gener
Any news about this release?
Ken Bantoft announced a released candidate to be out in mid november, but
nothing happened.
Have a nice day
GV
smime.p7s
Description: S/MIME cryptographic signature
- Original Message -
From: "Alexander Dupuy" <[EMAIL PROTECTED]>
To: "tcpdump-workers"
Sent: Wednesday, December 12, 2007 7:52 AM
Subject: Re: [tcpdump-workers] [PATCH] enable memory mapped access to
ethernet
Gianluca Varenni wrote:
Having a functio
- Original Message -
From: "Guy Harris" <[EMAIL PROTECTED]>
To:
Sent: Monday, December 10, 2007 1:29 PM
Subject: Re: [tcpdump-workers] [PATCH] enable memory mapped access to
ethernet
Gianluca Varenni wrote:
why not using a different return value instead of a stri
- Original Message -
From: "Alexander Dupuy" <[EMAIL PROTECTED]>
To:
Sent: Monday, December 10, 2007 10:42 AM
Subject: Re: [tcpdump-workers] [PATCH] enable memory mapped access to
ethernet device for linux
Guy Harris asked:
How does pcap_setbufsize() differ from pcap_setbuff()?
- Original Message -
From: "Michael Richardson" <[EMAIL PROTECTED]>
To:
Cc: "Peter Losher" <[EMAIL PROTECTED]>; "Joao Damas" <[EMAIL PROTECTED]>
Sent: Sunday, December 09, 2007 2:53 PM
Subject: Re: [tcpdump-workers] tcpdump patches...
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- Original Message -
From: "Guy Harris" <[EMAIL PROTECTED]>
To:
Sent: Thursday, December 06, 2007 4:09 PM
Subject: Re: [tcpdump-workers] [PATCH] enable memory mapped access to
ethernet device for linux
There's also an issue that with the ringbuffer, the initial contents can
be qu
I agree with you.
Consider that under windows, for example, we have a windows-only function to
set the kernel buffer size
(http://www.winpcap.org/docs/docs_40_2/html/group__wpcapfunc.html#g124bde25ccd9e39017ff2abec2dda623)
and the kernel buffer in WinPcap is actually a ring buffer (although we
From what you said, you basically changed the behavior of the snaplen
parameter of pcap_open_live(). At the risk of being annoing, I find it a
really bad idea. If it's called snaplen, it's the snaplen, period.
Isn't it possible to add a pcap function to set such parameter (or
eventually create a
: Re: [tcpdump-workers] Fw: [Winpcap-users] Using filters with IP
encapsulation (RFC 2003)
No,
You can look at the offset at which the IP addresses of the
encapsulated IP packet are in the frame and compare it to the
encapsulated address as an octetsting.
Luis
On Nov 28, 2007 6:38 PM, Gianluca
I think the answer to this question is "no". Right?
Have a nice day
GV
- Original Message -
From: Sassone, Ed
To: [EMAIL PROTECTED]
Sent: Tuesday, November 27, 2007 1:36 PM
Subject: [Winpcap-users] Using filters with IP encapsulation (RFC 2003)
Hello.
Is there a way to use filter
her) bug in the BPF compiler
(wireless)
> Hi,
>
> On 26 Nov 2007, at 19:05, Gianluca Varenni wrote:
>
>> I don't know what the status of the libpcap 1.0/tcpdump 4.0 release
>> is,
>> but I'd like to hold on the release for a day or so.
>>
>>
- Original Message -
From: "Arien Vijn" <[EMAIL PROTECTED]>
To:
Cc: "Arien Vijn" <[EMAIL PROTECTED]>
Sent: Monday, November 26, 2007 10:13 AM
Subject: Re: [tcpdump-workers] (another) bug in the BPF compiler (wireless)
Hi,
On 26 Nov 2007, at 19:05,
Guys,
I don't know what the status of the libpcap 1.0/tcpdump 4.0 release is, but
I'd like to hold on the release for a day or so.
I've just found (another) bug in the BPF compiler for wireless link types. A
simple filter like "link src host 11:22:33:44:55:66" seems to discard all
the packet
Have a nice day
GV
smime.p7s
Description: S/MIME cryptographic signature
t; Changed title from "TCPDUMP public repository" to "TCPDUMP/LIBPCAP
public repository"
The new version can be accessed at http://www.tcpdump.org/index2.html
Please let me know what you think. If everyone is OK with the changes
I'll swap the current with this one.
It seems to work ok.
Thanks!
GV
- Original Message -
From: "Guy Harris" <[EMAIL PROTECTED]>
To:
Sent: Tuesday, November 06, 2007 11:12 AM
Subject: Re: [tcpdump-workers] Patches for wlan filtering
Gianluca Varenni wrote:
I think I found the problem:
Yup, I just
- Original Message -
From: "Guy Harris" <[EMAIL PROTECTED]>
To:
Sent: Tuesday, November 06, 2007 11:14 AM
Subject: Re: [tcpdump-workers] Patches for wlan filtering
Gianluca Varenni wrote:
I already noticed that the new BPF code doesn't check the
link-t
[new BPF code, CVS snapshot. Not working]
(000) ldb [3]
(001) lsh #8
(002) tax
(003) ldb [2]
(004) or x
(005) st M[0]
(006) tax
(007) txa
(008) add #24
(009) st M[1]
(010) ldb [x + 0]
(011) jset #0x8 jt 12 jf 17
(012) jset #0x4
- Original Message -
From: "Guy Harris" <[EMAIL PROTECTED]>
To:
Sent: Monday, November 05, 2007 6:12 PM
Subject: Re: [tcpdump-workers] Patches for wlan filtering
On Nov 5, 2007, at 2:49 PM, Gianluca Varenni wrote:
I plan to compare this with the old versio
ay
GV
- Original Message -
From: "Ken Bantoft" <[EMAIL PROTECTED]>
To:
Cc: "Stephen Donnelly" <[EMAIL PROTECTED]>; "Guy Harris"
<[EMAIL PROTECTED]>; "Gianluca Varenni" <[EMAIL PROTECTED]>
Sent: Monday, November 05, 2007 5:47 PM
Checked in on HEAD and the libpcap_1_0 branch.
Thanks!
GV
- Original Message -
From: "Gisle Vanem" <[EMAIL PROTECTED]>
To: "tcpdump-workers"
Sent: Tuesday, November 06, 2007 6:04 AM
Subject: [tcpdump-workers] typo in pcap.c
--- CVS-Latest/pcap.c Wed Oct 17 17:52:41 2007
+++ pcap.
- Original Message -
From: "Guy Harris" <[EMAIL PROTECTED]>
To:
Sent: Monday, November 05, 2007 2:03 PM
Subject: Re: [tcpdump-workers] Patches for wlan filtering
Guy Harris wrote:
On Oct 30, 2007, at 3:42 AM, Guy Harris wrote:
I won't be able to fix that tonight, but, if we delay t
I think there are still problems.
www.tcpdump.org correctly resolves to the new IP address, but it's not
reachable at least from here in CA through AT&T/SBC.
A traceroute to www.tcpdump.org shows this
4 9 ms 8 ms 8 ms dist2-vlan50.scrm01.pbi.net [64.171.152.67]
5 8 ms 7
Guy,
thanks for taking care of this.
Have a nice day
GV
- Original Message -
From: "Guy Harris" <[EMAIL PROTECTED]>
To:
Sent: Tuesday, October 30, 2007 3:42 AM
Subject: Re: [tcpdump-workers] Patches for wlan filtering
Gianluca Varenni wrote:
the attached pat
Since the plan is to release libpcap 1.0/tcpdump 4.0 at the end of the
month, I'm back (again) bugging people wrt a patch I submitted some time ago
for wireless filtering for which I didn't have any feedback.
The mail is archived here
http://article.gmane.org/gmane.network.tcpdump.devel/2268
Does windump capture with your modified wpcap.dll?
I think that debugging your new version of wpcap.dll with a simpler application
like windump or any of the samples in the winpcap developer's pack will ease
your development.
Also, I would use a debug version of wpcap.dll and attach a debugger
Ken,
is there a date for the release of tcpdump 4.0 and libpcap 1.0? I've
committed some mods to make libpcap 1.0 compile within WinPcap, I still need
a couple tweaks in tcpdump (some code related to signals was added in
tcpdump, and obviously that doesn't compile under windows).
Have a nice
As a matter of facts, libpcap includes files with more different licenses.
That's why for WinPcap I came out with the long license available at
http://www.winpcap.org/misc/copyright.htm
Consider that some of those licenses apply to Windows only (as some files
are included in the windows build,
ng... we'll hold off until your ready.
On Thu, 13 Sep 2007, Gianluca Varenni wrote:
After a quick compilation test, libpcap compiles ok (albeit with some new
warnings popping out from VC6).
tcpdump (0.9.x branch) has some problems, instead:
- print-rsvp.c doesn't compile as it's
- Original Message -
From: "Guy Harris" <[EMAIL PROTECTED]>
To:
Sent: Thursday, September 13, 2007 10:45 AM
Subject: Re: [tcpdump-workers] tcpdump 3.9.8 / libpcap 0.9.8 releases
Gianluca Varenni wrote:
After a quick compilation test, libpcap compiles ok (albe
Well, I've just pulled a couple include files out of BSD and now it compiles
under VC6. I still have some minor issues compiling everything under Cygwin,
but it's not related to PFVAR.
Have a nice day
GV
On Thursday 13 September 2007, Gianluca Varenni wrote:
...
-print-pflog.c:
indows. I can probably easily fix it by taking the
needed files from BSD, but it make take a couple hours to do that.
Can we delay the release of 0.9.8/3.9.8 until tomorrow?
GV
- Original Message -
From: "Gianluca Varenni" <[EMAIL PROTECTED]>
To:
Cc: "Mich
Ken,
I just got back from my vacation. I'd just like to test that the 0.9/3.9
branches of libpcap and tcpdump compile correctly under windows (within
winpcap and windump). I can do that this morning. Do I still have time for
that?
Have a nice day
GV
- Original Message -
From: "Ken
Uhm...
I agree with you. The server is either really slow or completely down.
Have a nice day
GV
- Original Message -
From: "Luis Martín García" <[EMAIL PROTECTED]>
To:
Sent: Monday, August 06, 2007 1:47 AM
Subject: [tcpdump-workers] Tcpdump web down?
Hi,
I've been trying to acce
[Posted again as it looks like the mail server rejected my 1st attempt]
No problem at all.
Talking about the website, would it be possible to fix the mailing list
archive (http://www.tcpdump.org/lists/workers/), as it's stuck at the end of
2006?
And finally, in the page at http://www.tcpdump.org
[Posted again as it looks like the mail server rejected my 1st attempt]
Is there any reason why the e-mail starts with
This email contains confidential material.
???
Have a nice day
GV
- Original Message -
From: "Automatic cvs log generator /tcpdump/bin/makelog" <[EMAIL PROTECTED]>
- Original Message -
From: "Michael Richardson" <[EMAIL PROTECTED]>
To:
Sent: Tuesday, July 10, 2007 12:41 PM
Subject: Re: [tcpdump-workers] Patches for wlan filtering
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Oh, stupid me.
I see the patch is already applied by you. I read th
Wasn't there supposed to be a x.9.7 release due a couple weeks ago, fixing
the issue?
Have a nice day
GV
- Original Message -
From: "Bruce M Simpson" <[EMAIL PROTECTED]>
To:
Sent: Friday, July 06, 2007 6:56 AM
Subject: Re: [tcpdump-workers] tcpdump v3.9.6 archive incorrect version ?
I guess it's some sort of TCP offloading done at the board level. The driver
sends big frames (>1500bytes) to the NIC card, and the NIC card is
responsible from creating smaller segments that are sent over the wire. I've
seen a similar behavior on Windows with some gigabit network cards (if i
r
It looks like it got released last week on the 13th, but no announcement was
sent out (I haven't received it, and it's notpresent in any of the working
mailing list archives).
This scares me a bit, as I was committing some fixes exactly the day after
the release...
Have a nice day
GV
-
Th
The attachment got somewhat dropped.
You can find it here
http://www.winpcap.org/gianluca/wlan_filtering.patch
GV
- Original Message -
From: "Gianluca Varenni" <[EMAIL PROTECTED]>
To:
Sent: Thursday, June 14, 2007 2:19 PM
Subject: [tcpdump-workers] Patches fo
Guys,
the attached patch fixes some of the problems in the current wlan code
generation of pcap_compile.
In particular it should fix these problems:
1. the 802.11 header size of a data frame has not a fixed size. When the QoS
bit is set in the subtype field (QoS DATA frame), the header is two
1 - 100 of 140 matches
Mail list logo
