> On Sun, 24 Mar 2019 13:32:03 +0100
> Michael Richardson <[email protected]> wrote:
> 
> > Jonathan Morton <[email protected]> wrote:
> >     >> On 24 Mar, 2019, at 12:05 pm, Pete Heist <[email protected]> wrote:
> >     >> 
> >     >> tcpdump -r file.pcap udp port 2112 and greater 80 and "ip[1] != 0x1"
> >     >> 
> >     >> "greater 80" ignores the handshake packets and 0x1 is whatever TOS
> >     >> value we want to make sure the packets contain. We can use different
> >     >> filters for other traffic.  
> > 
> >     > Bear in mind that the TOS byte contains ECN as well as DSCP fields, and
> >     > the latter is left-justified.
> > 
> > libpcap should probably learn about DSCN bits to avoid people having to

We need to teach tcpdump and wireshark what the new meaning of the 4th state
ECT bits is, and that NS now means ESCE.  It already knows what CE and ECE
are, iirc.

> > think so much :-)
> > 
> > Send patches to me/github.
> > 
> 
> Libpcap is ancient history by now. It is like ifconfig, everyone still can't reprogram
> their brain; but the tool is on life support.

That is not correct, wireshark is a GUI built on top of libpcap,
and quite useless without a working libpcap.

        https://wiki.wireshark.org/libpcap


However, the place(s) that need to learn about the bits so it
can display them correctly is in the wireshark code, and also
in the command line tcpdump code.

> All development is happening on wireshark/tshark.

Rarely, but not unheard of, changes do have to be made to libpcap,
this however is not one of those cases.
Libpcap is a very stable entity today.

-- 
Rod Grimes                                                 [email protected]
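
An added example, not part of the thread or of tcpdump/libpcap code: it shows why the remark about the TOS byte holding both DSCP and ECN matters for the marking check discussed above, by comparing a whole-byte test with one that masks out the ECN bits. The DSCP value 46, the helper names and the sample packets are assumptions constructed for illustration.

```python
import struct

DSCP_MASK = 0xFC  # DSCP: upper six bits of the TOS byte (left-justified)
ECN_MASK = 0x03   # ECN: lower two bits

def split_tos(tos):
    """Split the IPv4 TOS byte into (dscp, ecn)."""
    return (tos & DSCP_MASK) >> 2, tos & ECN_MASK

def ipv4_udp(tos, port, payload_len):
    """Build a constructed IPv4+UDP packet (checksums left at zero)."""
    udp = struct.pack("!HHHH", 40000, port, 8 + payload_len, 0) + bytes(payload_len)
    return struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20 + len(udp), 0, 0, 64, 17, 0,
                       bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])) + udp

def mismatches(packets, port, min_len, want_dscp, whole_byte=False):
    """Indexes of UDP packets on `port`, at least min_len bytes, with the wrong marking.

    whole_byte=True compares ip[1] to a single constant; the default masks out ECN.
    Assumption: min_len is checked against the IP packet, as no link header is built.
    """
    bad = []
    for i, pkt in enumerate(packets):
        ihl = (pkt[0] & 0x0F) * 4
        if pkt[9] != 17 or len(pkt) < min_len:
            continue  # not UDP, or a short handshake packet
        if port not in struct.unpack_from("!HH", pkt, ihl):
            continue  # neither source nor destination port matches
        dscp, _ecn = split_tos(pkt[1])
        wrong = (pkt[1] != want_dscp << 2) if whole_byte else (dscp != want_dscp)
        if wrong:
            bad.append(i)
    return bad

def masked_filter(port, min_len, want_dscp):
    """pcap filter text for the same check with the ECN bits masked out."""
    return (f"udp port {port} and greater {min_len} "
            f"and ip[1] & 0xfc != {(want_dscp << 2):#04x}")

# Constructed sample: DSCP 46 is an assumed value, not one from the thread.
SAMPLE = [
    ipv4_udp(0xBA, 2112, 100),  # DSCP 46, ECN 0b10
    ipv4_udp(0xBB, 2112, 100),  # DSCP 46, ECN 0b11 (CE)
    ipv4_udp(0x02, 2112, 100),  # DSCP 0: marking lost
    ipv4_udp(0x00, 2112, 20),   # short handshake packet, skipped
    ipv4_udp(0xB8, 2112, 100),  # DSCP 46, ECN 0b00
]

if __name__ == "__main__":
    print(mismatches(SAMPLE, 2112, 80, 46))                   # masked comparison
    print(mismatches(SAMPLE, 2112, 80, 46, whole_byte=True))  # whole-byte comparison
    print(masked_filter(2112, 80, 46))
```

The string returned by `masked_filter` needs to be quoted as a single argument when passed to `tcpdump -r`.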