[tcpdump-workers] New DLT needed for PPP active/passiv filtering

2004-08-17 Thread Karsten Keil
Hi, between libpcap version 0.7 and 0.8 the DLT_PPP was cleaned up to no longer support the faked IN/OUT flag which was needed to compile filter rules for the PPP active/passive filtering. The cleanup is OK, since the native PPP frames do not have any IN/OUT flag, so for traffic analysers it is confu

Re: [tcpdump-workers] New DLT needed for PPP active/passiv filtering

2004-08-17 Thread Hannes Gredler
karsten, could you elaborate a bit more on "it creates binary incompatible filters"; in my testbed the linux machine creates 100% correct BPF filters; e.g. --->encaps is LINUX_SLL # tcpdump -i ppp0 icmp tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on p

Re: [tcpdump-workers] modifying source code

2004-08-17 Thread Hannes Gredler
On Tue, Aug 17, 2004 at 03:16:27AM +0100, neha agrawal wrote: | hello! | I am capturing packets using tcpdump. I want | to read the packet header and all.. as tcpdump reads | and put the information in database. I don't want to | read from output generated by tcpdump.. but read | informatio

Re: [tcpdump-workers] New DLT needed for PPP active/passiv filtering

2004-08-17 Thread Karsten Keil
On Tue, Aug 17, 2004 at 01:55:11PM +0200, Hannes Gredler wrote: > karsten, > > could you elaborate a bit more on "it creates binary incompatible filters"; The filter needed for PPP active/passive filtering works on the raw PPP packet with the modified 4 byte PPP header, all prior kernels use this form

Re: [tcpdump-workers] New DLT needed for PPP active/passiv filtering

2004-08-17 Thread Guy Harris
(How I want a drink, alcoholic of course, after the heavy lectures involving quantum mechanics. The above was inserted in the hopes that the duplicate message detector won't flag this as a duplicate; it was originally sent from an address of mine not on the tcpdump-workers list, and rejected fo

[tcpdump-workers] localhost on Solaris

2004-08-17 Thread ury segal
Hi! I understand there is no solution to sniffing for local traffic on Solaris since the kernel always used the loopback interface for that. I suggest writing a STREAMS module to sit on top of the loopback driver. Does anyone know if the loopback driver is a STREAMS driver? (Say, Solaris 8 a