On Dec 16, 2004, at 12:15 PM, Paul Thomas wrote:
From the TCP/IP Library Reference / System Library Functions Manual
If that's the QNX4 documentation, then...
SYNOPSIS
#include
#include
#include
...I would infer that QNX4 - or its development kit, if that's where
header files com
On Dec 16, 2004, at 12:38 PM, Paul Thomas wrote:
Unfortunately, there is no connection between the quoted Man-Page-snippet
and QNX.
So what's the "TCP/IP Library Reference", whence that man page snippet
came, a manual for?
I Googled for "TCP/IP Library Reference" and "System Library Functions"
On Dec 16, 2004, at 1:23 PM, Paul Thomas wrote:
Is the "getifaddrs()" you're using part of QNX4, or is it
from some add-on library, e.g. taking the eCos implementation
and porting it to QNX4?
"getifaddrs()" is not part of QNX4. There is no connection whatsoever.
It is utilized in the libpcap file
On Dec 16, 2004, at 3:40 PM, Paul Thomas wrote:
There is a wcc option, "-we" (treat all warnings as errors) described as
follows.
"By default, the compiler continues to create an object file when there are
warnings produced. This option can be used to treat all warnings as errors,
thereby prev
On Dec 16, 2004, at 2:47 PM, Paul Thomas wrote:
Here is the relevant output, from config.log:
Is there earlier "checking for getifaddr" output in config.log?
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.
On Dec 16, 2004, at 3:10 PM, Paul Thomas wrote:
configure:3849: checking for getifaddrs
configure:3899: cc -o conftest -g -O2 conftest.c >&5
Warning(1028): getifaddrs_ is an undefined reference
That's only a warning? Is there a way to force cc on QNX4 to *fail* if
some symbol isn't found? If
On Dec 16, 2004, at 4:30 PM, Paul Thomas wrote:
But, the behavior "do not create executable if undefined symbols
are present" is not the same as having the linker "fail", is it?
What autoconf wants is to have an attempt to compile and link a program
that refers to a particular symbol cause, on a s
On Dec 16, 2004, at 4:44 PM, Guy Harris wrote:
Oh, well - I guess that means that autoconf won't work on QNX (or
QNX4, at least - it won't work on any of the QNX versions where the
Watcom linker is being used).
Or, more precisely, "I guess that means that autoconf-generated
co
If somebody wants to contribute that, something that avoids using
newlines - unless "-vv" is specified, the output of tcpdump should be
limited to one line per packet - would be useful, e.g. something just
listing the chunk types and other parameters, without dumping the chunk
data.
I've checked in
On Dec 16, 2004, at 2:08 PM, Paul Thomas wrote:
There is a very clear dependency on "ifaddrs.h".
Am I right to say that it is needed to build libpcap?
It's needed to build libpcap *IF* libpcap is to call "getifaddrs()" in
the implementation of "pcap_findalldevs()". Otherwise, it's not
needed.
I
Alex Narinsky wrote:
From the Cisco tutorial (http://www.cisco.com/warp/public/701/3.html)
the net mask combination "172.16.50.1 255.255.255.0" is valid.
However, when I apply this combination to windump -
windump "net 172.16.50.1 mask 255.255.255.0"
I am getting the error:
windump: non-network b
durung_lulus wrote:
I want to make simple sniffer, but having question in mind,
Could we lose any packet that we try to grab with
pcap_loop/pcap_dispatch?
Yes.
And if we do, what are the causes?
It'd be caused by the sniffer not being able to read packets fast enough
that whatever buffer the OS
Navis wrote:
You said about buffer, could you explain about what this buffer is?
Packet capturing with libpcap uses a mechanism in the OS (or, in the
case of Windows and WinPcap, a driver that comes with WinPcap that uses
a mechanism in the OS, and that runs in the kernel).
Different mechanisms
On Jan 2, 2005, at 3:13 AM, linux lover wrote:
No. i know how to print Hexdump of packet
with tcpdump. What i want to know is the source
program/statement that actually prints this on console
when given command tcpdump -X.
As you'll find if you look at the tcpdump code, if Xflag is set (th
On Dec 28, 2004, at 7:07 AM, Gisle Vanem wrote:
Some of the ifdefs for MingW/MSVC are completely unnecessary.
There should be no need for _errno() etc in the sources.
Does anything other than tcpdump.c and util.c need ? If not,
then there's no need to include in tcpdump-stdinc.h - you can
just
On Dec 28, 2004, at 7:07 AM, Gisle Vanem wrote:
inline ntohl() / ntohs() functions for gcc/i386.
Are there any OSes where ntohl() and ntohs() are defined as assembler
macros on x86? If so, we might not want to override those definitions,
if either
1) the OS is 486-and-later-only and uses the
Rick Jones wrote:
Are there any issues with having the header not be an 8 byte multiple in
size? lots of stuff (iirc) wants four-byte, but I'm not sure about 8
And is there a compelling reason to supply both the microseconds and
nanoseconds time stamps in the record header? Yes, libpcap would h
Dumas Hwang wrote:
Yes, I can use that structure too. Sorry, I am quite new to this. Is
the next step to get the magic number, change Ethereal so that it will
recognize the new magic number and submit the patch?
The next step is to change libpcap so that all programs using libpcap
can read files
Gcom, Inc. wrote:
I'm the lead for a project involving line monitoring of T1/E1 lines. We
are planning on exporting captured frames to Ethereal in tcpdump/libpcap
format, so we'd like a DLT. Who do I contact about this?
[EMAIL PROTECTED] :-)
What're the contents of those frames? If they conta
Dumas Hwang wrote:
Can I get a magic number associated with this format?
0xa12b3c4d - it's currently defined in savefile.c.
If there's anything else you want to add to the header, do so, and then
send us the patch to savefile.c to read the new format, and to
pcap-int.h to define it.
Peter Rabbitson wrote:
I am trying to capture only data packets from a 802.11b stream (no beacons,
no control frames). Pages 50 and 51 of
http://standards.ieee.org/getieee802/download/802.11-1999.pdf lead me to
believe that I am looking for a packet with the first byte being 0001
(in table
Gcom, Inc. wrote:
We expect the majority of the carried traffic to be LAPD or LAPB/X.25,
with some Frame Relay and SS7 thrown in for good measure. We've defined
a per-frame header that includes the next protocol above it, so either
the end-user can configure it explicitly or possibly an expert
Peter Rabbitson wrote:
The only thing I still do not understand is why the frame control field is
passed to me in inverse-BIT order (I understand the BYTE inversion on an
intel system,
Actually, for 802.11, at least, the two bytes of the frame control field
are *not* inverted on little-endian sy
Gcom, Inc. wrote:
While we would be happy to have specific DLT's to us, we designed the
header format to be as generic as possible with well-defined meanings
for the fields. The encapsulated protocol, for instance, is anything
with a WTAP code in Ethereal.
Note: WTAP codes are *not* guaranteed to b
Gcom, Inc. wrote:
Go ahead and give us two DLT's, DLT_GCOM_DS1 (or DLT_GCOM_T1E1 if you
prefer), and DLT_GCOM_SERIAL.
OK, DLT_GCOM_T1E1 is 172 and DLT_GCOM_SERIAL is 173.
On Jan 12, 2005, at 8:10 PM, linux lover wrote:
I want to add my own new protocol interface
to tcpdump utility.
I.e., you have a protocol that runs atop IP or a protocol running atop
IP (such as TCP or UDP), and you want to add code to tcpdump to dissect
packets for that protocol and pri
linux lover wrote:
Actually i am in implementation of new protocol
like IPSEC protocol which adds NEW IP header in front
of AH Header i.e. consider packet structure of ipsec
TCP+IP1+AH+IP2+ETHERNET
Right-to-left is a bit odd there - do you mean that the packet begins
with an Ethernet (or
On Jan 18, 2005, at 7:18 AM, Jeff Morriss wrote:
I've been looking at a weird capture behavior on Linux (Redhat
Enterprise Linux with kernel 2.4.21-27.0.1.ELsmp and libpcap
libpcap-0.7.2-7.E3.2 though I've also tried tcpdump 3.8.3 and libpcap
0.8.3).
We have an SCTP implementation that runs in
Karl Gaissmaier wrote:
There are missing CASE statements for DLT_PRISM_HEADER in
the different filter checks and a modified gen_wlanhostop
to shift the packet the prism header length, but using the
same logic as for the DLT_IEEE802_11 link layer.
It requires more than that.
ARPHRD_PRISM is used in
(Sorry about letting this one slip through the cracks)
Gisle Vanem wrote:
"Guy Harris" wrote:
Does anything other than tcpdump.c and util.c need ? If not,
then there's no need to include in tcpdump-stdinc.h - you
can just move the include of in tcpdump.c outside of the
Guy Harris wrote:
Hannes Gredler wrote:
i have checked in support for the new DLT_PPP_WITH_DIRECTION (166) and
LINKTYPE_PPP_WITH_DIRECTION (166)
Hmm. From what Karsten says, it's a bit special, with the 0xff in the
HDLC-like header replaced by a dire
Karsten Keil wrote:
But here is a new DLT_PPP_WITHDIRECTION which handle this like the
old libpcap. All you have to do is, to change pppd filter code to
use DLT_PPP_WITHDIRECETION instead of DLT_PPP.
As it's somewhat Linux-specific, I've renamed it to
DLT_LINUX_PPP_WITHDIRECTION in a recent CVS ch
aman Reddy wrote:
can anyone please tell me the difference between pcap_dispatch and pcap_loop.
To quote the current CVS libpcap man page:
pcap_dispatch() is used to collect and process packets. cnt specifies
the maximum number of packets to process before returning. This is not
a minimum num
Karsten Keil wrote:
Hmm, I think it should be become a general feature, since filtering for
inbound/outbound for pppd based connections is a common problem and not
Linux specific.
But overwriting the 0xff might, or might not, be the way it's done on
all other platforms. (Also, can't the address a
On Feb 2, 2005, at 6:01 PM, Gregor Maier wrote:
We'd like to get two DLTs, namely DLT_ERF_ETH and DLT_ERF_POS. The DAG
range of network monitoring cards prepend an additional ERF header (see
http://www.endace.com/support/EndaceRecordFormat.pdf for further
information) to the actual link layer data,
Gert Doering wrote:
But still, it's good to be able ("soon") to checkout current sources,
for future work - whatever it will be.
It's not as nice as having anonymous CVS access, but nightly CVS
snapshots are available from the tcpdump.org home page - see "Current
Tar files".
Karsten Keil wrote:
Maybe PPPD people should decide the name, but it should be decided now and
not changed afterwards again, it makes trouble enough to detect, if the
correct version of libpcap is installed and fallback to not in/out capable
filter if not. At the moment even actual pppd will fallbac
Gregor Maier wrote:
yes it would. It's a bit superfluous (although ERF timestamps are more
accurate) but the main reason we need the DLTs is to get the correct
offsets (off_nl, off_mac, etc.) in gencode.c. At the moment these cards
use the "native" DLTs of the interface and filtering is done using
Gisle Vanem wrote:
Some of the ifdefs for MingW/MSVC are completely unnecessary.
There should be no need for _errno() etc in the sources. Looks like
tcpdump was patched to suit a very old MingW. MingW also has
getnameinfo().
Checked in.
I've also added:
IPv6 capability to inet_pton.c. Courtesy
Nicolao Renè wrote:
Hi, I've a problem with tcpdump when I try to specify a port range
if I use a filter expr like: tcpdump -i eth0 '(tcp and (tcp[0:2]
>=1) and (tcp[0:2] <= 2))'
which means, capture all tcp packets with source port between 1 and
2, I get no result from tcpdump.
The
On Feb 9, 2005, at 8:46 PM, Felipe Kellermann wrote:
I've recently read the draft of the new file format -- very
interesting.
I'd like to raise a question here on a feature I've always thought would
be useful: An offset, in addition to the snaplen. This feature is surely
almost self-explanatory
On Feb 18, 2005, at 3:28 AM, Ramsurrun Visham wrote:
1) wanted to ask how to make tcpdump show mac addresses?
Use the "-e" flag:
% man tcpdump
...
-e Print the link-level header on each dump line.
2) how can I pass the packet that has been captured by tcpdump to
iptables
Harry Putnam wrote:
[Possible Wrong list Alert]
This may be the wrong list for this, but I'm reading from Gmane and it
is the only tcpdump list available.
This is, in fact, the official mailing list for tcpdump.
Trying to wade thru tcpdump man pages and learn how to capture the
filename in an excha
Harry Putnam wrote:
Well that comes close but still fails to show the extension:
tcpdump -v -A host somehost
Shows something like this:
[...]
\.GET /demo/learnpscs/01.03_cust
I happen to know that is 01.03_cust.mov, but how can I learn that from
tcpdump?
By capturing with the "-s" flag as w
Ramsurrun Visham wrote:
What I want to do is that after libpcap prints the stats about each
packet it captures, I want the whole ethernet frame to be sent to the
IPTables firewall I've set up. It as if there was no libpcap there.
Does the iptables mechanism know, or care, whether somebody happens t
Ramsurrun Visham wrote:
The fact is that I don't know what happens to the packets after
libpcap finishes its work with them - does it release them in the
normal flow of traffic (as if it weren't there) or is it passed to
its destination process through some other mechanism..
libpcap itself only pa
Ramsurrun Visham wrote:
But if I want to modify the packets in the normal flow, let's say
manipulate their mac address, how do I go abt it.
Not with libpcap - it has its own packet flow, separate from the normal
flow, and it cannot affect packets in the normal flow (i.e., in the
normal receive pa
Pieter De Wit wrote:
I am trying to compile libpcap 0.8.3 under Tru64 and it fails with the
following errors:
bash-2.05# make
cc -O -std1 -g3 -I. -I/usr/local/include -DHAVE_CONFIG_H -c ./gencode.c
cc: Error: ./gencode.c, line 126: Missing ";". (nosemi)
static inline struct block *new_block(int)
Jeff Morriss wrote:
Because of this, I'd suggest removing the "rawss7.h" file from the
source tree and (possibly) returning DLT 139 to the free pool.
Sounds OK to me - I'd vote for recycling 139 (anybody who used it, even
though pcap-bpf.h has long had a lot of comments saying "ask tcpdump.org
f
Hannes Gredler wrote:
no - we actually need to parse through the IP header to find out if the header
is variable length [IP options etc.]
Actually, you just have to look at the header length field for IPv4; for
IPv6, you do have to keep processing headers until the final header is seen.
erik corell wrote:
I am using a pcap filter to catch 90 bytes long packets on port 123
(NTP packets). I am only interested in the packets to and from the
computer I am running pcap on. It is usually not a problem because I am
running PCAP in non-promiscuous mode. However, when I run for example
tcp
mwcorley wrote:
For the past couple of years or so I've been developing a more standard way to
interact with and handle libpcap packets. This has enabled me (and other in
the local community) to develop tailored network centric tools much quicker
and easier than before. We call it SIMPCAP (Sim
Ramsurrun Visham wrote:
I read that the headers are contiguous, i.e. ethernet first, then IP,
and then ICMP. They are 14, 20 and 8 bytes respectively. I also believe
that the header size doesn't change.
Not true of the IP header size - the IPv4 header has a *minimum* length
of 20 bytes, but if the
Guy Harris wrote:
Not true of the IP header size - the IPv4 header has a *minimum* length
of 20 bytes, but if there are IP options, it could be longer than 20
bytes. The first byte of the IP header is the version/length byte; it
includes a length, in units of 4-byte words (so that a value of
mwcorley wrote:
I think a patch would be cool. It shouldn't be very difficult if using zlib.
When you get a chance, open savefile.c of the libpcap source. There is a
routine: sf_next_packet(). Pretty much all packet content capture for
savefiles is through that method. Essentially, I replaced a
mwcorley wrote:
Currently there are features for automated protocol
decoding, non linear capture facilities for random access and modified binary
searching through savefiles,
Note that libpcap has to be able to work on non-seekable input streams,
such as pipes, so it can't *require* random access
Jesper Hald wrote:
tcpdump.o(.text+0x80e): In function `main':
: undefined reference to `pcap_debug'
Could you send the config.log file from the tcpdump build directory?
On Mar 8, 2005, at 3:37 PM, erik corell wrote:
Thank you Guy and Alex very much for your replies! A lot of good
stuff in them. However, I need my program to be portable.
Umm, what about
Well, one generic solution might be "run in non-promiscuous mode",
unless the problem is with broadcast and m
Jesper Hald wrote:
From: "Guy Harris"
To: "Jesper Hald"
Subject: Re: [tcpdump-workers] Error building TCPDump 3.8.3
Date: Fri, 11 Mar 2005 10:20:37 -0800
Jesper Hald wrote:
This is the logfile.
So if you run the command
nm -o ../libpcap-0.8.3/libpcap.
On Mar 11, 2005, at 1:08 AM, Nune ChandraSekhar wrote:
I am using the tcpdump2.2.1
That's a *very* old version - I don't even know whether we have
source for it.
and I am running the tcpdump on Tru64 machine.
If it's the version that comes with Tru64, you should report this as
a bug to HP.
2.
michal grosos wrote:
I want to make an application able to capture outgoing and incoming
packets on Symbian OS v7.0 platform (the P900 Sony Ericsson mobile
smartphone). Can I use the libpcap library?
Only if either
1) Symbian OS V7 is derived from one of the OSes libpcap currently
supports - tru
On Mar 15, 2005, at 3:49 AM, Luis Monge wrote:
I noticed that the number of packets received in the struct pcap_stats
and the number in my global counter is different.
Why does this happen?
Because, on at least some platforms, the "number of packets received"
that pcap_stats() supplies is the numb
2 - However on /usr/include/net/ethernet.h there is a defined
value of: ETHER_MIN_LEN 64, this means that the minimal
length of an ethernet frame is 64 bytes, so lets count:
- 14 for ethernet header
- 20 for ip header without options
- 8 for udp
On Mar 17, 2005, at 10:44 PM, José María González wrote:
This seems like a valid, non-fragmented, TCP over IP packet (I didn't
check the checksum, though).
...which means that answers to Alexander Medvedev's questions:
alexander medvedev wrote:
hi Stefan,
can you send us more information about the
Manoj Kumar wrote:
I was learning how to go about writing sniffer using libpcap. For the
reason I was going through code of tcpdump version 3.8.3 code (which indeed
helped me a lot), and I think there is some memory
leak in tcpdump when used with filters. As tcpdump uses
'pcap_compile()' , which e
Michael Richardson wrote:
On a Unix (POSIX?) system, when the process exits, then the operating
system reclaims all resources. If you aren't running on such a system,
then yes, you probably have a problem.
...unless you're running on a Win32 system, using WinPcap, in which
case, as far as I know
Walzer, Jeff wrote:
I want to run tcpdump on the Nokia box to make sure that is the only
header and that I'm not missing any that might get stripped. Does
tcpdump allow me to grab http headers and if so what command options do
I need to use to grab that info?
Tcpdump grabs raw packet data - it does
FatRiSha wrote:
I would like to know the correlation between 'libpcap', 'linux' & bpf.
Linux is, depending on whom you ask, either an operating system kernel
or an operating system.
BPF is, depending on whom you ask, either
1) a mechanism, provided in various BSDs and in AIX, for capturing and
ashok kumar wrote:
In tcpdump we logged on through root access.
In that, we entered the command tcpdump -w
We are getting the specified format but we cant capture
any packets.
how to get a packet captured?
http://www.tcpdump.org/faq.html#q4
alexander medvedev wrote:
i am trying to minimize the dropped packet count, which maybe due to a too
small buffer in the BPF driver.
are there any bad implications of setting the BPF buffer size to 1meg and
hardcoding pcap-bpf.c to use the buffer size of 1meg?
[wasting kernel memory does not count.
FatRiSha wrote:
So,.. Linux kernel 2.2 and above already used kernel filtering, right?
They already supported kernel filtering.
and there's no BPF in Linux at all, right?
There's no BPF in the sense of a raw packet capture and sending method
that behaves the way BPF behaves on BSD.
There *is*, how
Langesh Dharmalingam wrote:
[EMAIL PROTECTED] libpcap-0.6.2]# ./configure
loading cache ./config.cache
checking host system type... i686-pc-linux-gnu
checking target system type... i686-pc-linux-gnu
checking build system type... i686-pc-linux-gnu
...
ln: creating symbolic link `net' to `./bpf/n
On Mar 31, 2005, at 7:20 AM, Gabriel wrote:
Hello, I tried using tcpdump -xs 1500 -i eth0
"tcp[2:2]>=1000 and tcp[2:2]<=2000" but it doesn't
capture anything. When I tried tcpdump -xs 1500 -i
eth0 tcp[2:2]=1500 it worked out fine (it captured
everything with the dst port 1500). I'm using linux
with
On Apr 1, 2005, at 2:56 AM, Gabriel wrote:
Yes, it works when I use the -O option. Thanks.
So it's probably an optimizer bug, and...
The output of the first one is:
-
[EMAIL PROTECTED]:~> sudo tcpdump -d -i eth0
"tcp[2:2]>=1000 and tcp[2:2]<=2000"
(000) ldh [12]
(001) jeq #0x800
gilbert HOYEK wrote:
hi i would like to request a new DLT_SEPTEL for Intel/Septel cards used
in ss7 messages transfer .
DLT_SEPTEL, or DLT_MTP2/DLT_MTP3/whatever?
Unless there's some extra header on the packet that includes information
from the Septel cards, the DLT_ name probably shouldn't m
nswer from
Mr . Guy Harris (thanks 2 him).
So it helped me a lot but still the part about the pcap-dag.c, I did not
get it well. So if you can explain it to me I would be grateful:
There isn't anything about pcap-dag.c in my message; pcap-dag.c is an
example of a way to add support for
Alex Narinsky wrote:
How can I test STAP if all G-machines have new PacketData with longer
fields?
The only one is old but Nir does not allow me to test STAP on this
computer?
Was this supposed to be sent somewhere other than tcpdump-workers? It
sounds as if you wanted to send it to a co-worker o
On Apr 5, 2005, at 10:36 AM, Shyam Kumar wrote:
I am working on utilizing tcpdump for the way it presents data. As per
my Switch/Router I have my own implementation of ACL (Access Control
List) / Filter rule set & want to enhance its data representation
part.
For that very purpose I need to utili
gilbert HOYEK wrote:
2-in pcap-linux.c only pcap-open-live and pcap-platform-finddevs contains
#ifdef HAVE_DAG_API . so do i have to make similar code (#if def
HAVE_SEPTEL_API ...) to only these two functions in pcap-linux.c ?
Yes.
3- pcap-linux.c contains #include pcap-int.h with contains at
Michael Richardson wrote:
I'd like to make sure that libpcap 0.9.1-096 compiles on NetBSD 1.6.
It appears that the test for fddipad says defined(__NetBSD__),
but that member must have been introduced in a post-1.6 version of
NetBSD.
Actually, the problem appears to be that PCAP_FDDIPAD is defined i
Brown, Mark C (GSE GCSM) wrote:
I'm finalizing a small patch to pcap-dlpi.c for HP-UX systems and I have
two questions:
1) What is the preferred format for patches?
Context or unified diff, probably.
2) The main website says 0.9.0 went alpha today (the link to the source
is broken btw). What is th
Michael Richardson wrote:
I would like to plan a 3.9 branch and release for April.
I would propose branching on April 10, with the release around April 25.
How does that sound?
It sounds reasonable.
(It turns out I might be able to get gencode.c to handle radiotap -
*all* filter expressions other
David Young wrote:
Radiotap is designed to be a variable-length header. When you say that
gencode will handle it, you mean that it will skip based on the length
field to the end of the radiotap header? If so, that sounds great!
That's the goal. There are a number of places that need to be change
Daniele Orlandi wrote:
I would like to request a DLT_ number for raw LAPD (q.921) frames captured
thru vISDN, an ISDN architecture I'm developing for Linux. Some draft
documentation may be found at http://www.orlandi.com/visdn/
So this is D-channel only, i.e. a DLT_{whatever} capture wouldn't hav
On Apr 7, 2005, at 3:01 PM, Daniele Orlandi wrote:
It depends on what you mean with "no extra stuff". The payload is raw-LAPD
but the capture includes the sockaddr_ll header because the dissector needs
to know the interface's role in order to correctly interpret the C/R flag.
Specifically, b
On Apr 7, 2005, at 6:19 PM, Felipe Kellermann wrote:
b) Couldn't parse.
"tarceing" is probably a typo for "traceing"; I don't know whether
"pots" is a typo for "ports" or not. He might be referring to
support for passive network taps.
On Apr 7, 2005, at 7:33 AM, Brown, Mark C (GSE GCSM) wrote:
Here's a patch to allow the user to override the DLSAP in the
DL_BIND_REQ via environment variable PCAP_SAP when running on HP-UX.
There have been issues with other applications binding to 22
I.e., other applications trying to read raw pac
Automatic cvs log generator /tcpdump/bin/makelog wrote:
Description:
-add support for llc based protocols (iso, etc..) for ethernet
by checking the proto against the ethermtu and bumping
the link-layer offset by two.
-add support for vlan and mpls hierarchies by not absolute
setting offsets but
Mike Kershaw wrote:
I have code which does this already for wireless (sending a modified
pcap stream basically).
Wrapping it in SSL would be trivial (already on the list of stuff to
support).
Moving this to pure pcap would also be trivial. This seems more
application layer than pcap layer -- by th
Daniele Orlandi wrote:
Yes, I agree, in fact I forgot that I was already using DLT_LINUX_LAPD.
I would go with DLT_LINUX_LAPD,
OK, I've checked in a change to make it DLT_LINUX_LAPD. Presumably the
theory is that either
1) vISDN will be the only ISDN-for-Linux that supports D-channel packet
c
Michael Richardson wrote:
I leave you to advise what and if code should be pulled up.
I.e., pulled up to the x.9 branches?
So do you want to handle any pulling up, or should the people checking
in code do so?
(In either case, people checking in libpcap and tcpdump changes should
note that the
Hannes Gredler wrote:
if you want to do live capturing and decode using ethereal/tethereal then you'd
simply do:
ssh [EMAIL PROTECTED] "sudo tcpdump -ni eth0 -s 0 -w -" | tethereal -nli -
That works for Tethereal. For Ethereal, it's a bit more complicated -
on UN*X, you'd create a named pipe fil
On Apr 12, 2005, at 3:32 PM, Michael Richardson wrote:
Since libpcap doesn't have sending packets as a goal, I'd say that
libdnet supports sending on an infinite more than libpcap.
...except for libpcap 0.9, which *does* support sending packets.
gilbert HOYEK wrote:
[EMAIL PROTECTED] make install
[ -d /usr/local/lib ] || \
(mkdir -p /usr/local/lib; chmod 755 /usr/local/lib)
/usr/bin/install -c -m 644 libpcap.a /usr/local/lib/libpcap.a
/usr/bin/install: cannot stat `libpcap.a': No such file or directory
So there's no "libpcap.a" in the "
eving revision 1.110
diff -c -r1.110 pcap-dlpi.c
*** pcap-dlpi.c 8 Apr 2005 03:08:00 - 1.110
--- pcap-dlpi.c 13 Apr 2005 08:42:50 -
***
*** 20,27
*
* This code contributed by Atanu Ghosh ([EMAIL PROTECTED]),
* University College London, and subsequently modified
Oolan Zimmer wrote:
In Gcom's T1/E1 driver, a DL_ATTACH_REQ chooses the physical port and a
DL_BIND_REQ chooses the logical channel on that port. A logical channel is
a collection of one or more timeslots, and its associated SAP is
configurable (usually just starts at 1 for the configurations we d
Maxime Josset wrote:
I used WinDump and it captures files but i need your help to format them.
How can i decode the capture files XXX.dmp with TCPDump on a Windows XT in
order to render them as text?
"TCPDump on a Windows XT" (did you mean "Windows XP"?) is called
"WinDump"; WinDump is a port of t
Jeff Terrell wrote:
Is there a FAQ for either this list or for tcpdump development in general?
There is a tcpdump/libpcap FAQ:
http://www.tcpdump.org/faq.html
but it's not a FAQ for people doing development of tcpdump itself.
Is the sourceforge page really out of date, or are there really p
On Apr 15, 2005, at 1:10 PM, ury segal wrote:
I have pcap_dispatch sometimes returning value <0 and
pcap_geterr printing "Resource temporarily
unavailable".
The pcap handler is non blocking
(pcap_setnonblock was called with 1), the fd was
found with pcap_get_selectable_fd, it was select()ed
on and
Brown, Mark C (GSE GCSM) wrote:
I pulled the latest source from the CVS with your changes checked in
this morning:
Yeah, I decided not to do the "cleans up a bit of the DL_HP_RAWDLS
stuff", as the configure script treats HP-UX other than 9.0, 10.0x, and
10.1x as 10.20 or 11.x, so presumably it's