On Apr 8, 2011, at 7:51 PM, Darren Reed wrote:
> Printing PPI packets with tcpdump does not turn out
> to be that hard.
>
> My simple tests have produced the output as below.
Your simple tests were with invalid PPI files; as the PPI spec:
http://www.cacetech.com/documents/PPI%20Header
On May 5, 2011, at 5:20 PM, Darren Reed wrote:
> In the breakup where you were suggesting 10 bits that could be an
> organization ID, reserve "0" for the publicly recognised set
That's already done (implicitly, by virtue of those bits being 0 in existing
LINKTYPE_ values, and explicitly as wel
On 5/05/11 05:09 PM, Guy Harris wrote:
On May 5, 2011, at 4:54 PM, Guy Harris wrote:
On May 5, 2011, at 2:45 PM, Darren Reed wrote:
Looking through it, the first observation I'd make is that there should not
have been any 16 bit fields. The one that concerns me most is the IDB whi
On May 5, 2011, at 4:54 PM, Guy Harris wrote:
> On May 5, 2011, at 2:45 PM, Darren Reed wrote:
>
>> Looking through it, the first observation I'd make is that there should not
>> have been any 16 bit fields. The one that concerns me most is the IDB which
>> has a 16bit link type.
>
> We could
On May 5, 2011, at 2:45 PM, Darren Reed wrote:
> Looking through it, the first observation I'd make is that there should not
> have been any 16 bit fields. The one that concerns me most is the IDB which
> has a 16bit link type.
We could add an "enhanced IDB" with a 32-bit LinkType field.
> On
On 5/05/11 01:42 PM, Guy Harris wrote:
On May 5, 2011, at 1:38 PM, Darren Reed wrote:
In terms of pcap, I'm becoming more and more of the opinion that DLT_PPI should
not be used for anything other than DLT_IEEE802_11.
Sounds good to me.
Why am I not very interested in pcap-ng
On May 5, 2011, at 1:38 PM, Darren Reed wrote:
> In terms of pcap, I'm becoming more and more of the opinion that DLT_PPI
> should not be used for anything other than DLT_IEEE802_11.
Sounds good to me.
> Why am I not very interested in pcap-ng?
> "The pcapng file format specification is still
On 5/05/11 11:35 AM, Guy Harris wrote:
On May 5, 2011, at 11:28 AM, Darren Reed wrote:
I see - you're concerned about how do you make "tcpdump icmp" work when the
link type is PPI (or pcap-ng)
Presumably meaning "when the link type is PPI or when the file is a pcap-ng
file" (pcap-
On May 5, 2011, at 11:28 AM, Darren Reed wrote:
> I see - you're concerned about how do you make "tcpdump icmp" work when the
> link type is PPI (or pcap-ng)
Presumably meaning "when the link type is PPI or when the file is a pcap-ng
file" (pcap-ng isn't a link type, it's a file format).
> an
On 5/05/11 11:16 AM, Guy Harris wrote:
On May 5, 2011, at 11:07 AM, Darren Reed wrote:
There are also libpcap issues here that need to be resolved. At present, using
any filter with a PPI device fails to match any packet that doesn't have a DLT
of DLT_IEEE802_11.
...which is one o
On May 5, 2011, at 11:07 AM, Darren Reed wrote:
> There are also libpcap issues here that need to be resolved. At present,
> using any filter with a PPI device fails to match any packet that doesn't
> have a DLT of DLT_IEEE802_11.
...which is one of the things wrong with PPI. pcap-ng makes th
Michael,
See the attached file for a sample of IPv4 packets captured.
There are also libpcap issues here that need to be resolved. At present,
using any filter with a PPI device fails to match any packet that
doesn't have a DLT of DLT_IEEE802_11.
Darren
On 3/05/11 03:59 PM, Michael Richard
> "Darren" == Darren Reed writes:
Darren> Printing PPI packets with tcpdump does not turn out to be
Darren> that hard.
Darren> My simple tests have produced the output as below.
Super!
Do you have some PPI pcap files we can include in the test cases?
I've committed your code, w
13 matches
Mail list logo
