On May 06 17:37:51, rfranco...@debian.org wrote:
> > is normal that soname of libpcap.so.1.6.2 is libpcap.so.0.8 ?
> This is specific to Debian and its derivatives, for more details see:
> https://people.debian.org/~rfrancoise/libpcap-faq.html
And it's /usr/lib/libpcap.so.8.1 on current OpenBSD
IP-Addresses and Ports.
Please help
Hans Klute
--
+++ NEU bei GMX und erstmalig in Deutschland: TÜV-geprüfter Virenschutz +++
100% Virenerkennung nach Wildlist. Infos: http://www.gmx.net/virenschutz
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.
pdump is better, but it shows the
same behaviour but not that strong.
Also about every 3 minutes the the idle time of the CPU goes down to 62
percent. It is back at normal within 15 sec (values from top ).
It seems to me that somehow libpcap "hangs" a moment, and because my program
pr
> On Thu, Apr 01, 2004 at 02:12:35PM +0200, Hans Klute wrote:
> > Now I have noticed that about every 3 minutes and 15 seconds the Program
> > uses 100 % of the CPU.
> > After about 45 sec the program works normal again and uses only 10% of
> the
> > CPU time.
>
Hi!
I just realized a bug/feature of pcap that I didn´t think of.
I wrote a sniffer based on pcap. This sniffer can handle fragmented IP
packets. Now I realized that if you set up a filter with a UDP or TCP port,
you will not get the additional fragments, because in these packets there
are no UDP/
> In some email I received from Hans Klute, sie wrote:
> [ Charset ISO-8859-1 unsupported, converting... ]
> > Hi!
> >
> > I just realized a bug/feature of pcap that I didn?t think of.
> > I wrote a sniffer based on pcap. This sniffer can handle fragmented IP
>
Hi,
I´ve written a dissector (MUX27010) for wireshark and I want to commit it to
the project. Therefore I need a new DLT value for this dissector/protocol
because the protocol doesn´t base upon another data link layer protocol.
What the dissector does: It analyses a multiplexed communication bet
Guy Harris alum.mit.edu> writes:
>
>
> On Jan 10, 2011, at 6:16 AM, Schemmel, Hans-Christoph wrote:
>
> > I´ve written a dissector (MUX27010) for wireshark and I want to commit it to
the project. Therefore I need
> a new DLT value for this dissector/protocol because t
> Is this DLT value only for the Basic Option, or is it also used for the
Advanced Option? If it's also for the
> Advanced Option:
>
> 1) Is the flag octet 0x7E if the Advanced Option is being used?
>
> 2) If the Advanced Option is being used, do the packet contents include
escape oc
Guy Harris alum.mit.edu> writes:
>
> OK, so it sounds as if this isn't raw standard 27.010 traffic. Is MUX27010
likely to be used as a name for that
> traffic? If not, we could call it DLT_MUX27010/LINKTYPE_MUX27010.
>
> What is the format of the additional header?-
> This is the tcpdump-work
Guy Harris alum.mit.edu> writes:
>
> What is the format of the additional header?-
The format of the additional header is:
| Header_Size | Msg_ID | Freq_ID | Start_Pos | End_Pos | Flag | ... | Msg_ID |
Freq_ID | Start_Pos | End_Pos | Flag | Direction | MUX_Frame
Header_Size (1 Octet): To
Guy Harris alum.mit.edu> writes:
>
> So are any of those fields optional? For example, is the fragment ID
optional? If so, what indicates whether
> it's present? If nothing is optional, why is the header size not always 7?
>
The size of the header depends on the number of PPP packets in th
Guy Harris alum.mit.edu> writes:
> OK, so the Direction field and Header_Size fields are always present, and the
Header_size field gives the
> size of the *optional* fields; if a frame contains N PPP packets, the
Header_Size field has the value 5N.
> (If Header_Size isn't a multiple of 5, the fr
Guy Harris alum.mit.edu> writes:
>
> OK, so it's:
>
> Header_Size: 1 octet
>
> A sequence of zero or more instances of:
>
> Msg_ID: 2 octets
>
> Freq_ID: 2 octets
>
> Start_Pos: 1 octet
>
> End_Pos: 1 octet
>
>
Guy Harris alum.mit.edu> writes:
> should I just describe the holes as "other data", so you're not
> constrained to forever make them all be AT command/response text, or is it
guaranteed (now and forever) to
> be AT-command-or-response text?-
The description of the holes as "other data" sounds
Guy Harris alum.mit.edu> writes:
>
> Start_Pos and End_Pos are relative to the beginning of MUX_Frame, right?
I.e., a 4-byte chunk starting at
> the beginning of MUX_Frame would have a Start_POS of 0? Would End_POS be 3
(meaning that it's the offset of
> the last byte of the chunk) or 4 (meani
Guy Harris alum.mit.edu> writes:
>
> The PPP chunks are indicated by the {Msg_ID, Freq_ID, Start_Pos, End_Pos,
Flag} quintuplets, where
> Start_Pos is the 1-origin index (i.e., the first byte of the MUX_Frame has an
index of 1, not 0), from the
> beginning of MUX_Frame, of the first byte of the
I just want to ask if you´ve already assigned a DLT value for the dissector?
Kind regards,
Christoph Schemmel
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
Guy Harris alum.mit.edu> writes:
>
> Not yet - I've been somewhat busy the past week and a half, and I have to
condense all the e-mail on this thread
> into a complete and precise description of the data format, to put into the
pcap/bpf.h and pcap-common.c
> files. If somebody else were to do s
Guy Harris alum.mit.edu> writes:
>
> OK, I've assigned 236 as LINKTYPE_MUX27010 and DLT_MUX27010.
>
Thank you very much!
Kind regards,
Christoph Schemmel
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
20 matches
Mail list logo
