#
# $Id$
# Fuzz testing script for tcpdump
#
# By Gerald Combs <[EMAIL PROTECTED]> and Ulf Lamping <[EMAIL PROTECTED]>
#
# This script uses Ethereal's Editcap utility to add random errors
# ("fuzz") to a set of capture files specified on the command line.
# It runs tcpdu
Guy Harris wrote:
> Gerald Combs wrote:
>> - A capture file that triggers the bug in the current daily build.
>
>
> That wasn't attached. Do you either have the capture, or a stack trace?
> I'm curious whether the problem is that it's being handed a
Guy Harris wrote:
> It doesn't appear to have gotten attached.
Weird. It works fine when I send it to my gmail account. Do
attachments get stripped at the lists.tcpdump.org end?
> OK, got it. I've checked in a fix for the underlying problem, and
> audited the calls to "print_unknown_data()" a
Harley Stenzel wrote:
> Looking forward, however, it would be helpful if the libpcap file
> format provided a way to tag the source of the captured packet, so
> that merged files do not lose information.
NTAR supports this:
http://www.winpcap.org/ntar/draft/PCAP-DumpFileFormat.html#sectionpb
-
Under Linux you can use POSIX capabilities to capture as non-root.
CAP_NET_RAW lets you capture, and CAP_NET_ADMIN lets you use promiscuous
mode.
Damien ANCELIN wrote:
> To give you more information:
> - "metrology platform" will be a computer that can be used by many users
> to capture packets
Phil Vandry wrote:
> Hello tcpdump-workers,
>
> I noticed that there does not seem to be any MIME type defined for
> libpcap-format packet capture files according to the list of types
> maintained by IANA:
>
> http://www.iana.org/assignments/media-types/
>
> I couldn't find any well-known but un
Michael Richardson wrote:
>> "Michael" == Michael Richardson writes:
> Michael> The data transfer of the bpf.tcpdump.org is still underway,
> Michael> and should complete by morning EST.
>
> cvs.tcpdump.org, bpf.tcpdump.org and www.tcpdump.org are online again.
>
> It seems that the
Guy Harris wrote:
> On Jan 10, 2010, at 12:06 PM, Michael Richardson wrote:
>
>> I was supposed to set up a master/manager program (it was in python, I
>> think), that will farm out builds for various platforms to a volunteer
>> pool. I've forgotten the name of this system, but it was the same on
amnon cohen wrote:
> Hi,
> Is there any way to capture packets without being root on Linux?
> The docs imply that running with CAP_NET_RAW will do the trick.
> Has anyone managed to get this to work?
> I got stuck when trying to add CAP_NET_RAW to the executable
>
>
> # setcap cap_net_raw my_sn
Phil Vandry wrote:
> On Mon, 4 Oct 2010 09:51:39 -0400 Rob Hasselbaum wrote:
>> Yes, it is possible (on Linux, anyway), but not extremely easy. You can
>> correlate packet data to the kernel's network connection table and network
>> connections to inode values by reading "/proc/net/tcp*" and
>
>
On 4/28/11 6:51 AM, Andrej van der Zee wrote:
> Is there any documentation on how libpcap/tcpdump/BPF deal with VLAN
> tags? It's still a bit of a mystery to me...
Does this help?
https://blog.wireshark.org/2009/10/capture-filters-and-offsets/
On 6/1/11 8:10 AM, Mark Johnston wrote:
> Hi Darren,
>
> On Tue, May 31, 2011 at 03:53:22PM -0700, Darren Reed wrote:
>
>> You might be better off spending some time working
>> on additions to editcap that include concatenating
>> two or more pcap files.
>
> Shouldn't a function that manipulates
Steve McCanne spoke about the origins and architecture of libpcap and
BPF at Sharkfest this year. The presentation and video are now online at
http://sharkfest.wireshark.org/sharkfest.11/
under the "Keynote Video and Presentation" section.
-
This is the tcpdump-workers list.
Visit https://cod.s
On 3/15/14 2:56 PM, François-Xavier Le Bail wrote:
>> From: Guy Harris
>
>> On Mar 15, 2014, at 12:02 PM, Michael Richardson wrote:
>>
>>> I guess that this means that we also now have testing against bigendian
>>> systems. thank you wireshark guys!
>>
>> As long as it's doing "make check" fo
Hi,
The Wireshark tcpdump mirror (http://tcpdump.mirror.wireshark.org) is moving to
a new host. The new addresses are:
198.199.88.104
2604:a880:400:d0::2221:3001
I'll keep the old host up and running for the next week or so.
On 11/18/24 9:08 AM, Michael Richardson wrote:
The message about the spam was in fact spam.
But, it forged a valid From: so it got through.
I'd like to fix the SPF/DKIM/spam-filter such that it more aggressively kills
this kind of forgery, assuming that wireshark.org has the right policies set.