Re: [tcpdump-workers] Trace conversion.

2004-09-17 Thread alex medvedev
Hi Paul, i think this will accomplish what you want:
# tcpdump -ln ip| awk '{print $1,",", $5}' | sed 's/\.[0-9]*:$//'
this won't work with icmp though...
-alexm 16:11 17/09/2004
On Fri, 17 Sep 2004, Paul Berube wrote:
>
> Hi.
>
> I think I have a simple problem, but I can't seem to find a si

[tcpdump-workers] performance considerations

2004-09-12 Thread alex medvedev
Hi, i'm building a list of tunable parameters for capturing packets using libpcap. the goal is to have as little dropped packets as possible. i have these assumptions:
- the capture is done on a very busy ethernet network [infinitely busy];
- the user is stuck with an OS (say FreeBSD);
- the user

Re: [tcpdump-workers] filtering port ranges

2004-08-24 Thread alex medvedev
Hi Ed, this is strange, because at least:
# tcpdump tcp[0:2] \> 1 and tcp[0:2] \< 79
# tcpdump 'tcp[0:2] > 1 and tcp[0:2] < 79'
both correctly work for me on
# tcpdump -V
tcpdump version 3.6
libpcap version 0.6
and
# ./tcpdump -V
tcpdump version 3.8
libpcap version 0.7.2
could it be your she

Re: [tcpdump-workers] libpcap on AIX 5.2

2004-07-29 Thread alex medvedev
hi, not sure this will help, but try adding "-lodm" to your cc command. the libpcap should have been already compiled with -lodm...
-alexm 13:37 29/07/2004
On Thu, 29 Jul 2004, Lowrie, Tom wrote:
> Greetings,
>
> I have a 43P Model 150 rs/6000 running AIX 5.2.0.0 ML 03, using C For AIX 6.0
> wi

[tcpdump-workers] jump to a packet flag

2004-07-01 Thread alex medvedev
hallo, any interest in having a -j flag in tcpdump? the flag would simply jump over the specified number of packets. it may be useful when reading dumps with -r flag. it may also be useful in conjunction with -c flag to isolate certain interval from a dump. a callback function called spin() could

[tcpdump-workers] print-gre.c INET6

2004-07-01 Thread alex medvedev
hi, i think print-gre.c needs a #ifdef INET6 around
case ETHERTYPE_IPV6:
    ip6_print(bp, len);
    break;
otherwise tcpdump does not build if compiled without ipv6 support. but who does that anyway? :)
thanks,
-alexm 13:21 01/07/2004

Re: [tcpdump-workers] Data from packet dissector looks really weird

2004-06-29 Thread alex medvedev
hallo, from the ether_ntoa man page: The string is returned in a statically allocated buffer, which subsequent calls will overwrite. maybe a strcpy() after each call will solve it? :)
-alexm 13:42 29/06/2004
On Tue, 29 Jun 2004, Claudio Lavecchia wrote:
>
> /* LOOK AT THIS CAREFULLY!!!*/
> sr

Re: [tcpdump-workers] pcap filter for 802.11

2004-04-16 Thread alex medvedev
bounced from the [EMAIL PROTECTED] as "user unknown"
-- Forwarded message --
Date: Fri, 16 Apr 2004 16:02:18 -0500 (CDT)
From: alex medvedev <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: [tcpdump-workers] pcap filter for 802.11
you also need to put t