On Jul 1, 2004, at 12:08, [EMAIL PROTECTED] wrote:
> > tcpdump doesn't have any specific facility to handle fragmented
> > packets,
> > as far as I know (it cannot reassemble the fragments).
>
> That capability could be added (Ethereal supports it), although, if
> provided, it should be an option
On Jul 1, 2004, at 2:50 AM, [EMAIL PROTECTED] wrote:
tcpdump doesn't have any specific facility to handle fragmented
packets,
as far as I know (it cannot reassemble the fragments).
That capability could be added (Ethereal supports it), although, if
provided, it should be an option (as reassembly
> > You could write a BPF expression to match a particular packet id#.
> >
>
> How should I do this? I don`t know a specific packet id. What I would have
> to do is to compare each packet id with the ones received earlier and I must
> store it to compare with ones received later. With that whole
> In some email I received from Hans Klute, sie wrote:
> [ Charset ISO-8859-1 unsupported, converting... ]
> > Hi!
> >
> > I just realized a bug/feature of pcap that I didn?t think of.
> > I wrote a sniffer based on pcap. This sniffer can handle fragmented IP
> > packets. Now I realized that if yo
In some email I received from Hans Klute, sie wrote:
[ Charset ISO-8859-1 unsupported, converting... ]
> Hi!
>
> I just realized a bug/feature of pcap that I didn?t think of.
> I wrote a sniffer based on pcap. This sniffer can handle fragmented IP
> packets. Now I realized that if you set up a fil
Hi!
I just realized a bug/feature of pcap that I didnĀ“t think of.
I wrote a sniffer based on pcap. This sniffer can handle fragmented IP
packets. Now I realized that if you set up a filter with a UDP or TCP port,
you will not get the additional fragments, because in these packets there
are no UDP/
