Re: [tcpdump-workers] problem while examinate 802.11-packets

2008-02-15 Thread alexander medvedev
ated to my > atheros-card? > > > Regards, Christian > > ---- Original Message > > Date: Fri, 15 Feb 2008 08:49:10 -0600 (CST) > > From: alexander medvedev <[EMAIL PROTECTED]> > > To: tcpdump-workers@lists.tcpdump.org > > Subject: Re: [tcpdum

Re: [tcpdump-workers] problem while examinate 802.11-packets

2008-02-15 Thread alexander medvedev
Christian, what happens, if you listen on the interface using tcpdump? do you get 802.11 frames or do you get ethernet frames? i.e. is RFMON on? -alexm 08:47 15/02/2008 On Fri, 15 Feb 2008, Christian Stalp wrote: > In the mean time I found some hint. > I did not tell you that my program is m

[tcpdump-workers] libpcap 1.0 q

2008-01-30 Thread alexander medvedev
Hi, I am also interested in when libpcap 1.0 will be out. Could I know more about its features? Will it support the next generation dump format? Is there a CVS tree which has a beta version? i'd appreciate any insights. thank you, -alexm 10:45 30/01/2008 - This is the tcpdump-workers list. Vi

[tcpdump-workers] NFS and TCP port numbers

2006-02-16 Thread alexander medvedev
hallo, i am wondering whether tcpdump should print rpc xid numbers instead of TCP port numbers in TCP NFS packets. check out the port numbers in the following dump: 12:27:39.078026 IP x.x.99.25.5001 > x.x.99.26.5002: . ack 29 win 65535 12:27:39.088348 IP x.x.99.26.5001 > x.x.99.25.2049: . ack 70

Re: [tcpdump-workers] where to get libpcap-ng?

2006-01-10 Thread alexander medvedev
Hi, i am trying to figure out how seriously one should consider the new format and the extra useful information it supplies to the user. here is my understanding of the current state of pcap-ng. please, correct me, if i am wrong: - the format for pcap-ng is somewhat finalized and has not changed

Re: [tcpdump-workers] where to get libpcap-ng?

2006-01-09 Thread alexander medvedev
d by libpcap). > > At the moment the only experimental implementation of pcap-ng is given by > the NTAR library, available at > > http://www.winpcap.org/ntar > > Have a nice day > GV > > > > - Original Message - > From: "alexander medvedev" <

[tcpdump-workers] where to get libpcap-ng?

2006-01-03 Thread alexander medvedev
Hi, where can i find the libpcap-ng's source [if there is any]? thanks! -alexm 10:57 03/01/2006 - This is the tcpdump-workers list. Visit https://lists.sandelman.ca/ to unsubscribe.

Re: [tcpdump-workers] Programming libpcap - "*** glibc detected"

2005-09-29 Thread alexander medvedev
Hi Michal, the program looks ok and it compiled and ran on my sparc debian printing "callback" on each packet (i had to use eth0 as the interface, but it should not matter). maybe you could recompile libpcap with your current libc and make certain that gcc finds the new libpcap, i.e. set LD_LIBRAR

Re: [tcpdump-workers] not net problem

2005-08-09 Thread alexander medvedev
hi, if i understand correctly, you would like to get all traffic except for packets from network 10.x.x # tcpdump net not 10 this will filter out packets whose addresses contain 10.x.x.x. -alexm 22:09 09/08/2005 On Mon, 8 Aug 2005, Black, Michael wrote: > I'm trying to set up some monitoring

Re: [tcpdump-workers] pcap_loop segfaults

2005-06-18 Thread alexander medvedev
hallo, i didn't go into much detail but for a start: i'd make "pcap_t *pfd" global and change: if (!(pcap_open_live(iface, snaplen, 0, -1, errbuf))) to if ((pfd = pcap_open_live(iface, snaplen, 0, -1, errbuf)) != NULL) this should get you started :-) good luck, -alexm 23:16 18/06/2005 On Sun,

Re: [tcpdump-workers] decoding wireless packets.

2005-05-13 Thread alexander medvedev
Hi, you may want to look in print-802_11.c file of the tcpdump source. or you are talking about some "other" wireless? -alexm 18:55 13/05/2005 On Fri, 13 May 2005, prabhakaran amith wrote: > how do i decode wireless packets after capturing > them.i dont know how to write the stucture for > wire

[tcpdump-workers] BPF vs DLPI performance

2005-05-11 Thread alexander medvedev
Hallo, Which of the two (BPF or DLPI) will generally give you better performance? Particularly, i am looking to reduce the number of dropped packets. Will DLPI capture even report captured/dropped packet count? Thanks, -alexm 10:58 11/05/2005

Re: [tcpdump-workers] Payload not properly displaying...

2005-05-05 Thread alexander medvedev
Hi Soumya, aren't you printing the first two bytes of the payload in hex rather than the payload itself? printf("\tPayload:%x\n",(u_char *)(packet + size_ethernet + size_ip + size_tcp)); you probably want to look what tcpdump's -X flag does. -alexm 11:14 05/05/2005 On 5 May 2005, soumya r wro

Re: [tcpdump-workers] pcap_dispatch blocks on AIX

2005-04-28 Thread alexander medvedev
Hi, I would like to compile a list of AIX's bpf flaws and lacking features. 1. non-blocking read does not work; 2. thanks for your input, -alexm 22:16 28/04/2005 On Wed, 27 Apr 2005, Guy Harris wrote: > Gali Diamant wrote: > > > I expected pcap_dispatch to return since we have set > > the ha

[tcpdump-workers] BPF buffer size considerations

2005-03-25 Thread alexander medvedev
Hi, i am trying to minimize the dropped packet count, which may be due to a too small buffer in the BPF driver. are there any bad implications of setting the BPF buffer size to 1meg and hardcoding pcap-bpf.c to use the buffer size of 1meg? [wasting kernel memory does not count.] thanks! -alexm 1

Re: [tcpdump-workers] ethertype unknown

2005-03-17 Thread alexander medvedev
hi Stefan, can you send us more information about the capture: - what OS the dump was collected on; - "od -x | head" output; - what OS are you trying to read it on? this will make it easier for readers to make educated guesses and maybe give you leads. thanks! -alexm 00:12 18/03/2005 On Wed, 16

Re: [tcpdump-workers] Code needed!!

2005-02-25 Thread alexander medvedev
it's not a piece of code but still may be helpful: int pcap_lookupnet(char *device, bpf_u_int32 *netp, bpf_u_int32 *maskp, char *errbuf) pcap_lookupnet() is used to determine the network number and mask associated with the network device device. Both netp and maskp are bpf_u_in