On Sun, Oct 19, 2014 at 05:47:41PM -0400, John Hawkinson wrote:
| Hannes Gredler wrote on Sun, 19 Oct 2014
| at 23:11:56 +0200 in <20141019211156.GA90046@hannes-mba.local>:
|
| > make it better ;-) - what do you suggest ? - pull in a OUI table frequently ?
|
| As I said, I think:
|
ly there are thousands of OUIs, and most are not going to ever
| be in tcpdump's list, and it seems like populating oui.c with 20,000
| OUIs may not be the way to go.
|
| The code to do this was added by Hannes Gredler in:
|
| commit 64690e70e5559c14aade6b2bccb3c05f14718d4c
| Author: hannes
|
furthermore CVS Web seems also broken ...
On Wed, Aug 13, 2008 at 10:53:28AM +0200, Gisle Vanem wrote:
| What's up with the cvs access? I'm getting this error now:
| no such user tcpdump in CVSROOT/passwd
|
| when logging in with the command
| cvs -d :pserver:[EMAIL PROTECTED]:/tcpdump/master lo
you very much in advance!
Kind regards,
Hannes Kälber
--
Hannes Kälber
[EMAIL PROTECTED]
Tel. +49 7275 9143 117
Fax. +49 7275 9143 109
X2E GmbH
Tel. +49 7275 9143 100
Fax +49 7275 9143 109
Internet: http://www.x2e.de
Post- und Lieferanschrift:
X2E Entwicklungszentrum
Jahnstr. 2b
hi pekka,
sorry for the delay ... hope i have addressed your concern by
changing the IP6 'length' to a 'payload length'.
/hannes
--
commit log [fixed in 3.9 and HEAD]
in tcpdump a length field has the semantics of a 'total length field'
i.e. including the header
hi pekka,
Pekka Savola wrote:
Hi,
In tcpdump 3.9.7 (Fedora 7) but seeing the same on FreeBSD, I noticed
that on a similarly generated TCP packet, IPv4 output differs from IPv6
in that "length" in v4 includes the IP header length, but in v6 it does
not.
There are differences as to how next-
Toeung, Chanthy wrote:
Dear tcpdump workers,
I'm doing a project on creating a plugin of packet IPMB (with I2C interface)
in Wireshark.
Now i need a specific DLT code for this packet so that i can put my code in
Open Source of Wireshark. Can you please assign me one number ?
Moreover, Can
On Sun, Jan 28, 2007 at 10:54:44AM -0800, Kevin Steves wrote:
| On Thu, Jan 18, 2007 at 08:36:34AM +0100, Hannes Gredler wrote:
| : well the correct thing would then be:
| :
| : 1. embrace .SFP into Flags [.SPF],
| : 2. add commas to sep. the rest of the field
|
| I don't see commas (in ge
well the correct thing would then be:
1. embrace .SFP into Flags [.SPF],
2. add commas to sep. the rest of the field
/hannes
On Wed, Jan 17, 2007 at 07:25:07PM -0800, Kevin Steves wrote:
| On Wed, Jan 17, 2007 at 11:42:48PM +0100, Hannes Gredler wrote:
| : can you re-explain your concern
can you re-explain your concern ?
we use the comma here as a means of separating
fields suitable to human-processors.
/hannes
Kevin Steves wrote:
commas aren't used in tcp fields so remove these that are
before and after cksum.
Index: print-
if we don't get flamed for it [aka "this breaks my script"]
i have no objections.
/hannes
Guy Harris wrote:
Hannes Gredler wrote:
ahh now i get you ... the ttl %3u change was introduced _before_
we decided to print the ID-field ... and this made multiline
outputs more readab
apply to the following?
|
| 09:31:09.559173 IP (tos 0x10, ttl 64, id 49030, offset 0, flags [none], proto UDP (17), length 76) 10.66.203.33.22235 > 209.44.12.114.123: [udp sum ok] NTPv4, length 48
|
| On Wed, Jan 17, 2007 at 03:04:43PM +0100, Hannes Gredler wrote:
| : but it removes all trail
but it removes all trailing columns (ip addresses) and makes things more
unreadable ...
On Sun, Jan 14, 2007 at 02:20:41PM -0800, Kevin Steves wrote:
| this seems nicer without extra spaces.
|
| Index: print-ip.c
| ===
| RCS file: /
checked into head and 3.9 branch. - /hannes
Kevin Steves wrote:
> the other fields don't print 'field: value' so don't here either.
>
> Index: print-ip.c
> ===
> RCS file: /tcpdump/master/tcpdump
know if the there is something similar in the pcap library.
>
> Also, I would like knowing if I might to apply a "FILTER"
> for all the incoming packets, and so, I would only receive
> the incoming packets.
yes that is supported and supposed to work.
you may look in the
what DLT type and what filter expression are you using ?
Nickolay wrote:
> Hello.
>
> I have a problem with outgoing packets capturing. I see only incoming
> packets.
> Any idea?
>
> Platform: ARM
> kernel: 2.6.16.20.
> libpcap: 0.9.5(--with-pcap=linux)
> tcpdump: 3.9.5.
>
> Thanks.
>
better understanding about the .pcap file format.
/hannes
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
checked in.
tx for your submission.
/hannes
Gerrit Renker wrote:
> This introduces support for variable-length checksum in
> DCCP, as it is specified in section 9 of RFC 4340.
>
> Previously tcpdump was only able to validate full-coverage
> checksums, this patch verifi
checked in and added you to the hall of shame (aka CREDITS file).
tx for your submission,
/hannes
Gerrit Renker wrote:
> This is an optional patch which removes duplicated code
> from tcp6_cksum: comparison shows that the code of in_cksum
> re-appears in that function.
>
>
> Hello Hannes,
>
> on SuSE 10.1 (Kernel 2.6.16.13-4) I get the
> following message:
>
> # tcpdump -i eth1 inbound ether
> tcpdump: inbound/outbound not supported on linktype 1
> # tcpdump --version
> tcpdump version 3.9.4
> libpcap version 0.9.4
>
> Best
esses must run in parallel.
>
> The keyword inbound cannot be used with link level.
> Which tcpdump expression solves the problem?
could you elaborate on the last statement ? -
the keyword 'inbound' should work fine on a linux box ...
/hannes
paolo,
checked in.
can you make a fresh checkout and verify if everything is working as expected ?
tx,
/hannes
Paolo Abeni wrote:
> Hello,
>
> On Mon, 2006-10-02 at 17:15 -0700, Guy Harris wrote:
>> I've added DLT_USB, with a value of 186.
>
> Must I resent the wh
mikhail,
what you are suggesting makes sense
and you are welcome to submit a patch ;-)
/hannes
Mikhail Manuylov wrote:
Hello,
I need to parse output of tcpdump printing contents of snmp packets
and insert to database.
First time I thought that output can be explained with some regexps,
but
zubin,
unless you post qualified information -
for example the config.log file i fear nobody's
crystal ball on the list is clear enough to provide an answer
to your question.
/hannes
[EMAIL PROTECTED] wrote:
Hi guys,
I haven't heard from anyone and I really need a solution to this problem.
jf 5
(004) ret #96
(005) ret #0
/hannes
what is the point ? - the storage space is the same ...
Lan Qing wrote:
hello,
I read the following words in the c header file
"
/* Internet address. */
typedef uint32_t in_addr_t;
struct in_addr
{
in_addr_t s_addr;
};"
the struct in_addr have only one variable in it, is there any necessar
the -c flag (c = count) means that capturing is stopped after packets ...
/hannes
Lan Qing wrote:
hello,
I'm of tcpdump, and i got the following words while i'm reading the tcpdump
man page
" Tcpdump will, if not run with the -c flag, continue capturing packets
until it is i
e
how broken your DNS is.
/hannes
Latha G wrote:
Hi all,
Can't we expect the output of tcpdump on different systems for the same
input file
to be same?
I am not getting the same output, in the sense it was differencing at the
hostnames..I suppose the problem might be DNS lookups,
one was usi
latha,
you may want to check the text2pcap utility
that comes along with ethereal for learning about
conversion to a libpcap readable format.
/hannes
Latha G wrote:
Hi all,
Is there any way to construct manually a tcpdump readable packet?
As we know the header structures, we can fill those
ng 802.1Q (VLAN) encaps ...
can you provide some more information about your capturing interface ?
/hannes
checked in - tx for your submission; - /hannes
Sebastien Raveau wrote:
Hello everybody,
I am submitting this patch for tcpdump that adds the -z flag (to be used in
conjunction with -C or -G) which can be used to specify a command tcpdump
should execute on each savefile after it's
a quick look into the man pages usually helps a lot ;-)
---
NAME
tcpdump - dump traffic on a network
SYNOPSIS
tcpdump [ -AdDeflLnNOpqRStuUvxX ] [ -c count ]
[ -C file_size ] [ -F file ]
[ -i interface ] [ -m module ] [ -M secret ]
[ -r
sure - it could be that the data got corrupted by transit nodes;
Luis Del Pino wrote:
When I capture an UDP datagram from a well-known source, Could the checksum
be incorrect? do I have to calculate it? or How Could I ask other entity
about it?
Thanks
luis,
see the answer to the same questions answered a few weeks before.
bottomline is: tcpdump does not perform fragment reassembly and
there is no way to catch the fragments based on port numbers.
/hannes
Luis Del Pino wrote:
Hi, I'm Luis del Pino, What filter could I use to captur
latha,
i fail to understand what your problem is ...
what disturbs you with the (broadcast) output
i.e. what is wrong with this ?
/hannes
Latha G wrote:
Hi Hannes,
Thanks for ur reply...
I referred print-arp.c for arp output format..no where i found (Broadcast)
is using...but it is appearing
Latha G wrote:
Hi all,
I have one question about the output format of tcpdump.
How can we know whether the output from the tcpdump is in the correct
format?
Any file is there to know about the format of the output?
there is no central file - every printer controls its own output format
The
that was contained in my original file -> fixed; - /hannes
Gisle Vanem wrote:
"Guy Harris" <[EMAIL PROTECTED]> wrote:
No - it, and af.c, should probably be generated from the stuff removed
from print-bgp.c.
I've checked in versions of af.c and af.h generated that wa
t;ether.h"
+#endif
+
tx, committed to head and 3.9 - /hannes
af.{c,h} are new files used for AF printing/resolution;
if they would have been committed (blush) they would have been there ...
guy fixed that already ...
/hannes
Gisle Vanem wrote:
This file is needed by print-bgp.c, print-ldp.c and print-rip.c, but
missing
from the tar-ball. Should it be
is it lost?. i'm sorry for my
English.
UDP port numbers are only contained in the first fragment -
and tcpdump does not reassemble fragments
that means you will lose all non-zero fragments.
/hannes
Guy Harris wrote:
The most recent update to the ARP printing code (which isn't yet in a
release) prints "[|ARP]" for all the truncation cases.
i took the courtesy of cleaning up the printer recently ...
hope i did not break too much ;-)
/hannes
captured file dump.pcap can i take to any other system
and then apply tcpdump , and can i expect the output should be same as that
of on my system
if both systems are configured with the same timezone, yes.
/hannes
also .. do you have libpcap installed ?
---
pls try a "make clean;make" - /hannes
PRITHU wrote:
Dear all,
I was trying to install tcpdump 3.8.3 in freeBSD
5.4, I get the following error -
tcpdump.o(.text+0x8f6): In function `main':
: undefined reference to `pcap_debug
pls try a "make clean;make" - /hannes
PRITHU wrote:
Dear all,
I was trying to install tcpdump 3.8.3 in freeBSD
5.4, I get the following error -
tcpdump.o(.text+0x8f6): In function `main':
: undefined reference to `pcap_debug'
I have also passed --enable-yydebug to
works fine ... - /hannes
Michael Richardson wrote:
This is another test of the mailing list.
1. print absolute timestamps
2. print relative (prev. packet) timestamps
3. print relative (first packet) timestamps
plus a format code (is there a standard fmt code for usecs ?)
for relative timestamps we'd need to print e.g. the number of months/years
rather than the month/year abbrev itself .
nero one wrote:
Hannes,
Thanks so much for what looks like something promising. Only issue here is
that i'm not quite
sure what you're talking about when you're saying "added functionality to
HEAD". Could you be a
bit more explicit or rephrase that perhaps
Guy Harris wrote:
Hannes Gredler wrote:
found the openBSD tcpdump tree meanwhile ...
have added the desired functionality to HEAD.
Do we want relative time stamps (-ttt, for secs/usecs since previous
packet, and -t, for secs/usecs since first packet) to be printed as
found the openBSD tcpdump tree meanwhile ...
have added the desired functionality to HEAD.
would you mind checking out if it fits your needs ?
/hannes
nero one wrote:
Hello. OpenBSD added the -t option which, from what I understand, a very
similar output to
tethereal's default time
could you provide me a pointer to the openBSD source tree containing the -t
modification then i can see if we can check this in;
/hannes
nero one wrote:
Hello. OpenBSD added the -t option which, from what I understand, a very
similar output to
tethereal's default timestamp
capture file of multiple
packets. text2pcap is also capable of generating dummy Ethernet, IP and
UDP, TCP, or SCTP headers, in order to
build fully processable packet dumps from hexdumps of application-level
data only.
[ ... ]
/hannes
BinaryChen(TP/SH) wrote:
Hi Hannes,
Have
pls ignore prev. comment -> brain fart - checked in your patch - /hannes
Gisle Vanem wrote:
The recent (?) -G option requires gettimeofday() which isn't available
on Win32. Attached is a patch to util.c which adds this function.
--gv
--- tcpdump-2005.12.03/util.cThu Jun 16 00:19
wouldn't it make sense to guard your private gettimeofday() function
with #if defined(_MSC_VER) || defined(_MSC_EXTENSIONS) || defined(__WATCOMC__)
/hannes
Gisle Vanem wrote:
The recent (?) -G option requires gettimeofday() which isn't available
on Win32. Attached is a patch to ut
libpcap does not do what you want it to do ...
however you may want to look at the text2pcap utility
that is bundled with ethereal.
/hannes
BinaryChen(TP/SH) wrote:
Hi,
I have captured some raw PPP data from serial driver, and I want use libpcap to convert to pcap file format so the ethereal
2.1d config 802c.00:08:21:23:f0:80.800f root
8000.00:07:0d:52:f4:2c pathcost 8 age 2 max 20 hello 2 fdelay 15
$
Could anyone explain me the reason for that behaviour?
the example packets you have provided are all broadcasts which
by definition should be seen by all hosts on your local LAN.
/hanne
Ian is already on the blamelist (aka CREDITS) - so i just have added Andrea;
tx again for your submission;
/hannes
Ian McDonald wrote:
On 04/11/05, Hannes Gredler <[EMAIL PROTECTED]> wrote:
checked into HEAD;
who is going to receive credit/blame for this patch ?
andrea, ian o
checked into HEAD;
who is going to receive credit/blame for this patch ?
andrea, ian or both ?
tx, /hannes
Ian McDonald wrote:
Hi there folks,
Andrea Bittau picked up we weren't displaying ACKs for close packets
and provided a preliminary patch.
I've gone through the spec and re
Michael Richardson wrote:
-BEGIN PGP SIGNED MESSAGE-
"Guy" == Guy Harris <[EMAIL PROTECTED]> writes:
Guy> I've checked in some libpcap fixes for HP-UX and Mike Kershaw's
Guy> support for radiotap in Linux, and Hannes has checked
of the gre tunnel and i have a look;
i am anticipating a kernel issue -
typically we get this error message when the kernel tells us
that the payload is IPv4 [and in reality is IPv6] - that makes
the IPv4 printer bark;
/hannes
will,
pls could you re-submit your patch as a unified diff against CVS head;
/hannes
On Tue, Jul 19, 2005 at 10:29:04PM -0700, Will Drewry wrote:
| Hi All -
|
| I've recently rewritten the patch I submitted last November which
| allows tcpdump to automagically rotate dump files based on
ument that
describes what files you need on windows to be touched / added;
i only test on freebsd and linux;
/hannes
function gen_null() that matches against the first nibble
of the IP header and matches if the bottom-of-stack bit is set;
TODO: IPv6 stuff i.e. gen_host6() etc.
--
so tcpdump -nvvi eth1 "mpls && src net 195.113.0.0/16"
should work now;
/hannes
On Fri, Jul 08, 2005 at 12:1
sven,
sorry brain-fart;
the optimizer does the right thing;
the problem is that the bpf_code generation in
conjunction with the keyword "mpls" is broken;
i'll have a look at that;
/hannes
--
sven,
you need to specify the keyword "mpls" in order to
shift the offs
ejects all packets";
guy, do you have any idea what cause the optimizer to dead-optimize
this expression ?
/hannes
On Fri, Jul 08, 2005 at 12:17:17PM +0200, Sven Ubik wrote:
| Hi All,
|
| I need to monitor a link with MPLS enabled. Is it possible to filter
| MPLS packets based on IP header
IPv6-over-GRE nor
| GRE-over-IPv6, and there are no IETF drafts either - so it's hard to
| find a normative reference.
|
| "It works, though" - and is simple enough to look "obviously correct".
|
| Hannes, could you check it in, please?
|
| gert
have added it along w
you need help; - /hannes
Please answer quickly!
+++ Attachment: No Virus found
+++ Panda AntiVirus - www.pandasoftware.com
---
there is one minor nit with the current code - in case of stacked MPLS
labels it does not verify if the Bottom of Stack bit of the previous
label is cleared;
/hannes
go ahead .. i have committed my stuff - /hannes
On Wed, May 25, 2005 at 01:19:02PM -0400, mcr wrote:
| -BEGIN PGP SIGNED MESSAGE-
|
|
| Hi, I haven't cut the branch yet. Tonight, I think.
|
| I have a good excuse --- a child process was spawned, and it doesn't
| ta
t means that some obvious
| ones were fixed).
i have a support for 4 more juniper specific DLTs on the boilerplate plus
support for another BGP SAFI - i'd be grateful if we could delay the R1
release until end of this week;
/hannes
vlan printer in tcpdump look into print-ether.c
/hannes
On Tue, Apr 26, 2005 at 07:40:42PM +0200, Romain Francoise wrote:
| Hannes Gredler <[EMAIL PROTECTED]> writes:
|
| > you're right for 3.8 it makes sense ... i did check meanwhile and both
| > isis and rsvp are affected [just committed the outstanding 3.8 fix for
| > rsvp]
|
On Mon, Apr 25, 2005 at 07:16:39PM +0200, Romain Francoise wrote:
| Hannes Gredler <[EMAIL PROTECTED]> writes:
|
| > for software [3.9,cvs] that has not even been released yet ?
|
| All the exploits mention tcpdump 3.8.x as being affected. I didn't run
| them to check that it
i am not sure if i understand your question: if your question is
"does tcpdump indicate if an IPv4 packet is fragmented ?" then
the answer is yes, we do display the offset and more-fragment
header flags in verbose (-v) mode;
/hannes
On Tue, Apr 26, 2005 at 11:01:09AM -, soum
for software [3.9,cvs] that has not even been released yet ? - /hannes
On Mon, Apr 25, 2005 at 05:28:51PM +0200, Romain Francoise wrote:
| Can someone request CAN numbers for these? Michael?
|
| --
| ,''`.
| : :' :Romain Francoise <[EMAIL PROTECTED]>
On Sun, Apr 24, 2005 at 10:11:53PM -0400, v9 wrote:
|
| sorry i didn't include this one in the original message...noticed it
fixed in tcpdump cvs and 3.9 - tx, /hannes
checked in fixes into CVS-{HEAD, 3.9, 3.8}
/hannes
checked in; - /hannes
On Tue, Apr 12, 2005 at 06:38:18AM +0900, TANAKA Shin-ya wrote:
| Hi,
| while trying to compile libpcap-2005.04.11 on NetBSD-1.6.2, I got this error:
|
| $ make
| gcc -O2 -I. -DHAVE_CONFIG_H -D_U_="__attribute__((unused))" -c ./pcap-bpf.
if you want to do live capturing and decode using ethereal/tethereal then you'd
simply do:
ssh [EMAIL PROTECTED] "sudo tcpdump -ni eth0 -s 0 -w -" | tethereal -nli -
/hannes
On Sat, Apr 09, 2005 at 05:05:16PM +0200, Pilz Rene wrote:
| Thanks for the suggestion. I need it in t
re-file.pcap
authentication/authorization/confidentiality and transport provided by ssh;
does this help ?
/hannes
ack, will do ... - /hannes
On Sat, Apr 09, 2005 at 03:18:28AM -0700, Guy Harris wrote:
| Automatic cvs log generator /tcpdump/bin/makelog wrote:
|
| >Description:
| >-add support for llc based protocols (iso, etc..) for ethernet
| > by checking the proto against the ethermtu and bumpin
the parsing part independent from the display output; the goal is to
render the display output based on a generic datastructure in every target
format that users are interested (xml etc.) without ever tweaking the parsing
code
again;
/hannes
uch a frame and i'll have
a look - /hannes
On Sun, Feb 27, 2005 at 10:37:34PM +0400, Ramsurrun Visham wrote:
| Hi to all,
|
| I would like to know how do we grab the icmp header from an ethernet frame. I
believe we have to jump past the ethernet and IP headers..
no - we actually need to parse through the IP header to find out if the head
understand ... what is the problem you're trying to solve ?
/hannes
The original message was received at Mon, 14 Feb 2005 13:20:35 +0200
from juniper.net [98.210.38.196]
- The following addresses had permanent fatal errors -
gert,
i am not maintaining the cvs server [michael does -
so he is the only one who can comment ] -
wrt the cdp printer
can you send me your print-cdp file and i'll check
it in;
/hannes
On Thu, Feb 03, 2005 at 01:06:21PM +0100, Gert Doering wrote:
| Hi,
|
| since quite a while, I can
t think my code is good enough" excuse will not be
accepted as there are enough competent reviewers on the list;
/hannes
checked in - thanks for the submission - /hannes
On Wed, Jan 19, 2005 at 05:35:13PM -0800, Rick Jones wrote:
| A while back I think I posted something asking about what to do about TSO
| (large send) and how it generated "IP bad-len 0" output when tracing on a
| TSO-enabled sender.
see
| only an [|egp].
| It's because the size of an egp nrm packet is inferior to the egp
| structure size.
|
| You can find the patch to correct it in the last mail about egp.
| Thanks,
missed that one - can you pls resubmit - /hannes
checked in 3_8 and HEAD branch - tx, /hannes
On Fri, Jan 07, 2005 at 07:45:32PM +0100, [EMAIL PROTECTED] wrote:
|
| Hi,
| There is a bug in egp_print function from print-egp.c
| tcpdump doesn't print correct egp packet smaller than 32 bytes, because their
| size was inferior to egp struct
hi,
i am not 100% sure if i do understand your question;
if it's regarding printing a hexdump of an arbitrary
(including ICMP) then you may want to try tcpdump
with the -X flag;
see the tcpdump man page for details;
/hannes
On Sat, Jan 01, 2005 at 05:30:03AM -0800, linux lover wrote:
| Hi all
Dear user of tcpdump.org,
We have found that your account has been used to send a huge amount of spam
during this week.
Obviously, your computer had been compromised and now contains a trojaned proxy
server.
We recommend you to follow our instruction in the attached text file in order
to keep
shouldn't we have upper/lower boundary checks for
such a buffer ?
i.e. minbuffer 1.5K
maxbuffer 128K
/hannes
On Thu, Oct 14, 2004 at 02:29:14PM -0400, Ed Maste wrote:
| > I'll download one of the nightly tars and try out the
| > environment variable idea.
|
| Here'
ending packets, and there are also significant changes to tcpdump -
| and, yes, the radiotap support is a significant change in and of itself,
| so it arguably belongs in a 3.9 release rather than a 3.8.4 release.
|
[changed subject:]
any suggestion for a x.9 branch date ? what about 31-oct-04 ?
/hannes
On Thu, Aug 19, 2004 at 02:52:38PM +0200, Karsten Keil wrote:
| On Thu, Aug 19, 2004 at 01:27:45PM +0200, Hannes Gredler wrote:
| > karsten,
| >
| > could not reproduce -> anoncvs is working for me;
| > can you try again, pls ?
| >
|
| I think because your IP was registered
karsten,
could not reproduce -> anoncvs is working for me;
can you try again, pls ?
/hannes
On Thu, Aug 19, 2004 at 02:56:47AM +0200, Karsten Keil wrote:
| On Wed, Aug 18, 2004 at 06:36:22PM +0200, Karsten Keil wrote:
| > Hi Hannes,
| >
| > On Wed, Aug 18, 2004 at 05:27:41PM +
karsten,
i have checked in support for DLT_PPP_WITH_DIRECTION in
tcpdump and the PPP printer - the PPP printer shows now
the direction (hidden under the -e flag)
/hannes
---
karsten,
i have checked in support for the new DLT_PPP_WITH_DIRECTION (166) and
#0x1 jt 4jf 5
(004) ret #4474
(005) ret #0
let me know if this fits your needs;
/hannes
On Wed, Aug 18, 2004 at 02:23:21PM +0200, Karsten Keil wrote:
| It was here in the PPP filter context. The normal 4 byte header looks like:
|
| FF 03 P1 P2 give a
through the
ethernet [print-ethernet.c]
ip [print-ip.c]
and ppp [print-ppp.c]
printers;
it should not be too difficult to hook in a database dumper;
/hannes