> "Juliusz" == Juliusz Chroboczek writes:
>>> (Michael, do you want some regression tests, i.e. a sample
>>> capture or captures and the corresponding tcpdump output?)
>> yes, I really, really, really, prefer to have those test cases as
>> sanity checks.
Juliusz> You wil
Unless someone says that there is something else out there, I'm going to
write an (IPv4) pcap file anonymizer. I won't make the first version
efficient.
It will just look for up to 16 IP addresses in source/destination fields
and consistently replace them, updating the checksum.
--
] He
On Apr 28, 2011, at 6:42 PM, Andrej van der Zee wrote:
> Yes it does. Makes me wonder though why BPF was not extended with an "offset"
> keyword.
Why would an "offset" keyword be better in the filtering language than, say,
the "vlan" keyword it already has? You'd still have to do the same sor
Hi,
>
> Does this help?
>
> https://blog.wireshark.org/2009/10/capture-filters-and-offsets
Yes it does. Makes me wonder though why BPF was not extended with an "offset"
keyword.
Thanks for the link!
Andrej-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
>> (Michael, do you want some regression tests, i.e. a sample
>> capture or captures and the corresponding tcpdump output?)
> yes, I really, really, really, prefer to have those test cases as sanity
> checks.
You will find a pcap file attached to
https://bugs.wireshark.org/bugzilla/show_bug.c
Hi,
On Wed, Apr 27, 2011 at 03:25:40PM -0400, Michael Richardson wrote:
> > "Gert" == Gert Doering writes:
> Gert> is someone already working on a tcpdump dissector for IP
> Gert> protocol 97 (ethernet tunneled over IP, RFC 3378)?
>
> Lack of answer suggests that the answer is no.
I
On 4/28/11 6:51 AM, Andrej van der Zee wrote:
> Is there any documentation on how libpcap/tcpdump/BPF deal with VLAN
> tags? It's still a bit of a mystery to me...
Does this help?
https://blog.wireshark.org/2009/10/capture-filters-and-offsets/
--
Join us for Sharkfest ’11! · Wireshark® Developer
Hi,
> I have a ProCurve J9021A Switch 2810-24G and configured port A to be
> mirrored to port B. When I run tcpdump on port B, I can only see the
> outgoing traffic on port A, but no incoming traffic at all! The
> configuration menu of the switch does not have any options for egress
> and/or ingre
Hi,
I am facing an issue that I cannot solve... I was hoping somebody
could get me back on track...
I have a ProCurve J9021A Switch 2810-24G and configured port A to be
mirrored to port B. When I run tcpdump on port B, I can only see the
outgoing traffic on port A, but no incoming traffic at all!
> "Guy" == Guy Harris writes:
Guy> Checked into the trunk and 4.2 branches.
Guy> (Michael, do you want some regression tests, i.e. a sample
Guy> capture or captures and the corresponding tcpdump output?)
yes, I really, really, really, prefer to have those test cases as sanity
c
Juliusz, I applied your April 24 patch.
Do you have some sample pcap files and expected output (use -t)?
--
] He who is tired of Weird Al is tired of life! | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON|net architect[
] m...@sandelman.ottawa.on.c
Rick, I've committed your pcap file and .out file.
I edited the out file to remove the dates (-t option), and I suggest you
want to generate one file for each -v level.
It's pretty important for me to have the .pcap and .out file. You
can run things directly as:
cd tests
./TESTonce sflo
> "Andrej" == Andrej van der Zee writes:
>> (No, the "any" device doesn't give you Ethernet packets, even if,
>> at the time you start the capture, the only interfaces on your
>> machine are Ethernet interfaces. If you want to capture on a
>> particular Ethernet device, use i
> "Guy" == Guy Harris writes:
>> The former is easy enough - attached is a compressed pcap file
>> with 30 captured PDUs which can be used for testing. They are
>> all just counter samples, there are no flow samples. Also
>> attached is a compressed "cooked" file with the co
> "Gert" == Gert Doering writes:
Gert> is someone already working on a tcpdump dissector for IP
Gert> protocol 97 (ethernet tunneled over IP, RFC 3378)?
Lack of answer suggests that the answer is no.
--
] He who is tired of Weird Al is tired of life! | firewalls [
> "Juliusz" == Juliusz Chroboczek writes:
Juliusz> This version includes a couple of fixes from Wireshark.
Thanks!
--
] He who is tired of Weird Al is tired of life! | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON|net architect[
] m...@s
> "Rick" == Rick Jones writes:
Rick> I have an output style question before I continue hacking at
Rick> print-sflow.c. Some of the fields in the PDUs are encoded -
Rick> the top two bits are a format which changes the meaning of the
Rick> remaining 30 bits. my question is whe