[tcpdump-workers] Proprietary link layer headers (DLT:s)?

Hi, What would be required to request a DLT for a proprietary format? Best regards Anders - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.

[tcpdump-workers] Request for DLT

49285&view=markup Best regards Anders Broman ___ tcpdump-workers mailing list tcpdump-workers@lists.tcpdump.org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers

[tcpdump-workers] Request for new DLT

49285&view=markup LINKTYPE_ANY_PDU or something like that? Best regards Anders Broman ___ tcpdump-workers mailing list tcpdump-workers@lists.tcpdump.org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers

Re: [tcpdump-workers] Request for new DLT

ision=49285&view=markup LINKTYPE_ANY_PDU or something like that? Best regards Anders Broman ___ tcpdump-workers mailing list tcpdump-workers@lists.tcpdump.org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers

Re: [tcpdump-workers] Request for new DLT

From: Pascal Quantin [mailto:pascal.quan...@gmail.com] Sent: den 19 maj 2013 10:25 To: Michael Richardson Cc: Anders Broman; tcpdump-workers@lists.tcpdump.org Subject: Re: [tcpdump-workers] Request for new DLT Hi Michael, 2013/5/18 Michael Richardson >>>>> "Pascal"

Re: [tcpdump-workers] Request for new DLT

-Original Message- From: m...@sandelman.ca [mailto:m...@sandelman.ca] Sent: den 23 maj 2013 20:03 To: Anders Broman Cc: tcpdump-workers@lists.tcpdump.org Subject: Re: [tcpdump-workers] Request for new DLT >>>>> "Anders" == Anders Broman writes: Pasca

Re: [tcpdump-workers] Request for new DLT

e new DLT value the TLV:s and then the PDU:s Following after the SSL layer. Regards Anders Broman -Original Message- From: tcpdump-workers-boun...@lists.tcpdump.org [mailto:tcpdump-workers-boun...@lists.tcpdump.org] On Behalf Of Anders Broman Sent: den 24 maj 2013 10:59 To:

Re: [tcpdump-workers] Request for new DLT

-Original Message- From: m...@sandelman.ca [mailto:m...@sandelman.ca] Sent: den 19 juni 2013 14:50 To: Anders Broman Cc: tcpdump-workers@lists.tcpdump.org Subject: Re: [tcpdump-workers] Request for new DLT Anders Broman wrote: Anders> Hi, Any chance of getting forward on t

Re: [tcpdump-workers] Request for new DLT

-Original Message- From: Anders Broman Sent: den 19 juni 2013 19:23 To: 'm...@sandelman.ca' Cc: tcpdump-workers@lists.tcpdump.org Subject: RE: [tcpdump-workers] Request for new DLT -Original Message- From: m...@sandelman.ca [mailto:m...@sandelman.ca] Sent: den 19

Re: [tcpdump-workers] Request for new DLT

-Original Message- From: m...@sandelman.ca [mailto:m...@sandelman.ca] Sent: den 28 juni 2013 01:51 To: Anders Broman Cc: tcpdump-workers@lists.tcpdump.org Subject: Re: [tcpdump-workers] Request for new DLT Anders Broman wrote: > Currently there is two tags defined to indic

[tcpdump-workers] Patch to return a pcap_pkthdr (pcap_ng_pkthdr) to caller suited for writing pcap-ng files

o continue work on it or any other suggestion on how to proceed. If someone wants to improve on the patch even better. Best regards Anders Broman ___ tcpdump-workers mailing list tcpdump-workers@lists.tcpdump.org https://lists.sandelman.ca/mailman/l

Re: [tcpdump-workers] Patch to return a pcap_pkthdr (pcap_ng_pkthdr) to caller suited for writing pcap-ng files

u_char *); +typedef void (*pcap_ng_handler)(u_char *, const struct pcap_ng_pkthdr *, +const u_char *); + /* * Error codes for the pcap API. * These will all be negative, so you can check for the success or From: Anders Broman Sent: den 20 november 2013 18:05 To: tcpdum

Re: [tcpdump-workers] How tcpdump determines the "dropped by kernel"?

Hi, It's not clear to me if you are running tcpdump on the server in question, which might not be a good idea if its heavily loaded as tcpdump might add extra load to the machine. You could check with top. Which OS are you running and what versions of tcpdump/libpcap? What is the packets/s or

[tcpdump-workers] Fault in pcap_list_tstamp_types()?

Hi, Playing with this function I get pcap_list_tstamp_types, num tstamp_types 3 host adapter_unsynced adapter Then trying to set pcap_set_tstamp_type(pcap_h, PCAP_TSTAMP_ADAPTER); 'eth1' (SIOCSHWTSTAMP failed: Numerical result out of range). ethtool -T eth1 Time stamping parameters for eth1: Cap

Re: [tcpdump-workers] pcapng adaptions vs Wireshark

>Are there specific things in a new API that would make wireshark happier? >feel free to start a new thread ;-) Having a packet header that could be written to file directly might be a good idea /* pcap-ng Enhanced Packet Block without actual packet, options, and trailing * Block Total Length

Re: [tcpdump-workers] Libpcap performance problem

Hi, What version of libpcap are you using? Version >= 1.5.3 uses TPACKET_V3 which may give an capacity increase. Regards Anders -Original Message- From: tcpdump-workers [mailto:tcpdump-workers-boun...@lists.tcpdump.org] On Behalf Of Giray Simsek Sent: den 28 januari 2015 15:58 To: tcpdu

Re: [tcpdump-workers] [tcpdump] Feature request: conditional run dissector on traffic (#495)

Skickat från min Sony Xperia™-smartphone Michael Richardson skrev > > It has been mentioned briefly in #471: with the option -T radius it is > > possible to dissect traffic over non-RADIUS ports as RADIUS, but this > > means all traffic will be dissected as RADIUS > > > A

[tcpdump-workers] Fwd: Remove support for AirPcap and TurboCap in master

-- Forwarded message - Från: Anders Broman Date: mån 14 okt. 2024 22:14 Subject: Remove support for AirPcap and TurboCap in master To: Hi, There are two pull requests to remove support for two obsolete HW products. Any objections? Both has been end of availability for more

[tcpdump-workers] Test programs on Windows?

Hi, I have successfully built libpcap with VisualStudio using NPCAP SDK. But when trying to run any of the test programs like libpcap>run\RelWithDebInfo\findalldevstest.exe It complains about not finding packet.dll however packet.lib exists. Are the tests supposed to work on Windows? Best regards

Re: [tcpdump-workers] Request for new LINKTYPE_* code LINKTYPE_AUERSWALD_LOG

--- Begin Message --- Hi, You should perhaps take a look at the exported plus link type and wireshark sources. It may be doing similar things. New tags could be added. Regards Anders Hämta Outlook för Android From: tcpdump-workers on behal