Re: [tcpdump-workers] Protocol headers-only capture?

2008-12-17 Thread Dustin Spicuzza
Guy Harris wrote:
>
> On Dec 17, 2008, at 2:30 PM, Dustin Spicuzza wrote:
>
>> Speaking of which, is there something in tcpdump that can figure out how
>> long the header is... I see that the printers figure out this
>> information, but it's not done separately as far as I can see.
>
> No, it's n

Re: [tcpdump-workers] Protocol headers-only capture?

2008-12-17 Thread Guy Harris
On Dec 17, 2008, at 2:30 PM, Dustin Spicuzza wrote:

> Speaking of which, is there something in tcpdump that can figure out how long the header is... I see that the printers figure out this information, but it's not done separately as far as I can see.

No, it's not. If you could have the vario

Re: [tcpdump-workers] Protocol headers-only capture?

2008-12-17 Thread Dustin Spicuzza
Guy Harris wrote:
>
> On Dec 17, 2008, at 12:18 PM, Matthew Luckie wrote:
>
>> could -s become a parameter that takes words as well as numbers, and
>> have the compiler return the appropriate number of bytes in each
>> case?. so -s udphdr -s tcphdr would return 14 + 20 + 8 for UDP
>> packets on

Re: [tcpdump-workers] Protocol headers-only capture?

2008-12-17 Thread Dustin Spicuzza
Guy Harris wrote:
>
> On Dec 17, 2008, at 12:43 PM, Dustin Spicuzza wrote:
>
>> ... as long as you trust that the header
>> values are ok (making sure that they stay in the bounds of the actual
>> packet size).
>
> Don't do that. Check against the incoming caplen, and check the sanity
> of leng

Re: [tcpdump-workers] Protocol headers-only capture?

2008-12-17 Thread Guy Harris
On Dec 17, 2008, at 12:43 PM, Dustin Spicuzza wrote:

> ... as long as you trust that the header values are ok (making sure that they stay in the bounds of the actual packet size).

Don't do that. Check against the incoming caplen, and check the sanity of length fields.

Re: [tcpdump-workers] Protocol headers-only capture?

2008-12-17 Thread Guy Harris
On Dec 17, 2008, at 12:18 PM, Matthew Luckie wrote:

> could -s become a parameter that takes words as well as numbers, and have the compiler return the appropriate number of bytes in each case?. so -s udphdr -s tcphdr would return 14 + 20 + 8 for UDP packets on ethernet,

Not all link laye

Re: [tcpdump-workers] Protocol headers-only capture?

2008-12-17 Thread Dustin Spicuzza
Matthew Luckie wrote:
> Guy Harris wrote:
>
> could -s become a parameter that takes words as well as numbers, and
> have the compiler return the appropriate number of bytes in each case?.
> so -s udphdr -s tcphdr would return 14 + 20 + 8 for UDP packets on
> ethernet, and tcphdr would return 14

Re: [tcpdump-workers] Protocol headers-only capture?

2008-12-17 Thread Matthew Luckie
Guy Harris wrote:
> On Dec 17, 2008, at 11:10 AM, Dustin Spicuzza wrote:
>
>> Is there currently a way to save protocol headers (and by this, I mean ARP/IP/TCP/UDP/ICMP headers) to a file *without* the remaining payload?
>
> There's no way to do *exactly* that. You can, however, specify a snapshot len

Re: [tcpdump-workers] Protocol headers-only capture?

2008-12-17 Thread Guy Harris
On Dec 17, 2008, at 11:10 AM, Dustin Spicuzza wrote:

> Is there currently a way to save protocol headers (and by this, I mean ARP/IP/TCP/UDP/ICMP headers) to a file *without* the remaining payload?

There's no way to do *exactly* that. You can, however, specify a snapshot length with "-s" tha

[tcpdump-workers] Protocol headers-only capture?

2008-12-17 Thread Dustin Spicuzza
Hey,

Is there currently a way to save protocol headers (and by this, I mean ARP/IP/TCP/UDP/ICMP headers) to a file *without* the remaining payload?

If not, I could be motivated to write a patch to do this (it doesn't seem like it would be that hard?) if someone just points me to the right area