Re: [tcpdump-workers] tcpdump bin

2011-11-29 Thread Guy Harris
On Nov 20, 2011, at 8:41 AM, Lazarev Dmitry wrote: > Can I offer binary version of tcpdump for my own needs? To trace > traffic on my own notebook? I'm not sure what you mean by "offer". If you want to install a binary version of tcpdump on your own machine, there are no licensing issues; you'd

Re: [tcpdump-workers] [PATCH] tcpdump -s 0 improvement

2011-11-29 Thread Guy Harris
On Nov 29, 2011, at 7:48 PM, Gianluca Varenni wrote: > Is there a specific reason why shared memory is implemented in such a way > that frame buffers are allocated based on the maximum supported frame > size (+junk, see 802.11)? I didn't see any of the discussions about it, but my guess

[tcpdump-workers] having trouble using libpcap to write DLT_USER0 captures

2011-11-29 Thread Sam Roberts
DLT_USER0 is available for internal use, and pcap_open_dead() will accept it, but pcap_dump_open() is complaining that it doesn't know the corresponding link type. I assume this is intentional, but why is it a feature? It seems preferable that people use libpcap to write pcap files than rolling th

[tcpdump-workers] libpcap support for nanosecond resolution timestamps?

2011-11-29 Thread Andy Fingerhut
libpcap has had support for pcap ng files since early 2010. Such files can contain timestamps with resolutions more precise than microseconds. From my reading of the code, it appears that when libpcap reads from such a file, it converts the fractional time values to units of microseconds, since t

[tcpdump-workers] ethernet bonding + VLAN: additional VLAN tag in tcpdump

2011-11-29 Thread Thomas De Schampheleire
Hi, I'm seeing incorrect tcpdump output in the following scenario: * ethernet bonding enabled in the kernel, and a single network interface (eth0) added as slave * bonding mode was set to broadcast, but I don't think this matters * VLAN added to the bond0 network interface * ip address set on the

[tcpdump-workers] tcpdump bin

2011-11-29 Thread Lazarev Dmitry
Hello! Can I offer binary version of tcpdump for my own needs? To trace traffic on my own notebook? Thank You. - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.

[tcpdump-workers] [PATCH] Improvement of behaviour when -s 0 is used

2011-11-29 Thread Magnus Gille
I came across an issue with tcpdump where the Linux kernel couldn't allocate memory properly when we ran tcpdump -s 0 on one of our boxes. tcpdump sets snaplen to 65535 if -s 0 is provided, and this became a problem for us; to get around this I changed the behaviour to query what the MTU actually is

[tcpdump-workers] German mirror for TCPDump

2011-11-29 Thread Sascha Schwarz
Hi there, since the one and only German mirror is down we could provide a reliable new mirror over at http://www.cybermirror.org. Please let me know. Cheers, Sascha

[tcpdump-workers] Script or code to parse and breakdown tcpdump expressions

2011-11-29 Thread Vini
Hi All, I was wondering if anyone here has a script or any kind of code that is able to parse tcpdump expressions and break them down to produce a text file with the results. I have a bunch of fairly large expressions that have mostly IP addresses and ports, some of these addresses belong to the s

[tcpdump-workers] capturing on both interfaces simultaneously

2011-11-29 Thread abhinav narain
Hi, I am using libpcap on the OpenWrt platform, Netgear router WNDR3700v2. I am able to capture packets on the phy0 interface. But what should I do to capture packets on phy0 and phy1 simultaneously in the same program? I don't think I can use the "any" interface as it might capture packets from bridge interfac

Re: [tcpdump-workers] [PATCH] tcpdump -s 0 improvement

2011-11-29 Thread Gianluca Varenni
Is there a specific reason why shared memory is implemented in such a way that frame buffers are allocated based on the maximum supported frame size (+junk, see 802.11)? In virtualized environments or in general when you have HW offloading, the maximum frame size seen by the kernel tap is

Re: [tcpdump-workers] why libpcap cannot capture outbound 802.11 beacons?

2011-11-29 Thread abhinav narain
Could you explain what you mean by outbound beacons? I have been able to capture beacons using libpcap. Am I missing something? Abhinav On Mon, Oct 31, 2011 at 3:27 PM, Yifan Zhang wrote: > > Hello all, > > I am writing my own program, which will be running on a 802.11 AP, to > capture

Re: [tcpdump-workers] compiling tcpdump 4.1.1 with pf_ring

2011-11-29 Thread Guy Harris
On Oct 19, 2011, at 4:17 AM, Tom Carly wrote: > I'm trying to compile tcpdump with libpcap-pfring. The libpcap compilation > went fine. With tcpdump compilation (./configure and make) I get this error: What are the complete contents of the "config.log" file in the tcpdump source directory? -

Re: [tcpdump-workers] 802.11 frame control

2011-11-29 Thread Guy Harris
On Nov 13, 2011, at 1:00 PM, Ibrahim wrote: > According to the IEEE Std 802.11-2007 > it's: >- 2 bits version >- 2 bits type >- 4 bits subtype >- 8 bits for 8 flags > when I was comparing my result to Wireshark, I noticed the following problem > fc is 0x0080 as unsigned short
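The layout Ibrahim lists is right; the thing that trips people up is that 802.11 header fields are transmitted least-significant octet first, so the version, type and subtype bits all sit in the first octet on the wire and the eight flags in the second. A beacon starts with the octets 80 00, which a little-endian host reading them as an unsigned short sees as 0x0080. The following decoder is an added example (not code from the thread or from tcpdump) that assembles the field from the raw octets so it gives the same answer on any host; the struct and function names and the two sample headers are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* IEEE 802.11-2007, Frame Control field (bit numbers as in the standard):
 *   B0-B1 protocol version, B2-B3 type, B4-B7 subtype,
 *   B8 To DS, B9 From DS, B10 More Fragments, B11 Retry,
 *   B12 Power Management, B13 More Data, B14 Protected Frame, B15 Order.
 * The field is little-endian on the wire: B0-B7 are the FIRST octet. */
struct fc_fields {
    unsigned version, type, subtype, flags;
    int to_ds, from_ds, more_frag, retry, pwr_mgmt, more_data, protected_frame, order;
};

/* The 16-bit value a little-endian host gets by casting the first two
 * octets to an unsigned short (0x0080 for a beacon). Built explicitly
 * from the octets so it is the same value on a big-endian host. */
uint16_t fc_le16(const uint8_t *frame)
{
    return (uint16_t)(frame[0] | (frame[1] << 8));
}

/* Decode from the octets, never from a uint16_t read through a cast. */
struct fc_fields parse_fc(const uint8_t *frame)
{
    uint16_t fc = fc_le16(frame);
    struct fc_fields f;

    f.version = fc & 0x3;          /* B0-B1 */
    f.type    = (fc >> 2) & 0x3;   /* B2-B3: 0 mgmt, 1 control, 2 data, 3 reserved */
    f.subtype = (fc >> 4) & 0xF;   /* B4-B7 */
    f.flags   = (fc >> 8) & 0xFF;  /* B8-B15, i.e. the second octet */

    f.to_ds           = (f.flags >> 0) & 1;
    f.from_ds         = (f.flags >> 1) & 1;
    f.more_frag       = (f.flags >> 2) & 1;
    f.retry           = (f.flags >> 3) & 1;
    f.pwr_mgmt        = (f.flags >> 4) & 1;
    f.more_data       = (f.flags >> 5) & 1;
    f.protected_frame = (f.flags >> 6) & 1;
    f.order           = (f.flags >> 7) & 1;
    return f;
}

const char *fc_type_name(unsigned type)
{
    static const char *names[] = { "management", "control", "data", "reserved" };
    return names[type & 3];
}

/* Constructed sample headers: the first two octets of an 802.11 MAC header. */
const uint8_t beacon_fc[2] = { 0x80, 0x00 }; /* management / beacon, no flags */
const uint8_t data_fc[2]   = { 0x08, 0x41 }; /* data frame, To DS + Protected Frame */

int main(void)
{
    const uint8_t *samples[] = { beacon_fc, data_fc };
    for (int i = 0; i < 2; i++) {
        struct fc_fields f = parse_fc(samples[i]);
        printf("fc=0x%04x version=%u type=%u (%s) subtype=%u flags=0x%02x"
               " toDS=%d fromDS=%d protected=%d\n",
               fc_le16(samples[i]), f.version, f.type, fc_type_name(f.type),
               f.subtype, f.flags, f.to_ds, f.from_ds, f.protected_frame);
    }
    return 0;
}
```

Note that with a raw `memcpy` into a `uint16_t` the masks above would only be correct on a little-endian host; on a big-endian one the same beacon reads as 0x8000 and the type/subtype land in the wrong nibble, which is the usual source of "my decode disagrees with Wireshark" reports.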

Re: [tcpdump-workers] [PATCH] tcpdump -s 0 improvement

2011-11-29 Thread Guy Harris
On Oct 17, 2011, at 8:44 AM, Magnus Gille wrote: > I came across an issue with tcpdump where the linux kernel couldn't allocate > memory properly when we ran tcpdump -s 0 on one of our boxes. Tcpdump sets > snaplen to 65535 if -s 0 is provided and this became a problem for us, to > get around thi

Re: [tcpdump-workers] [Libpcap] Linux ps_drop()

2011-11-29 Thread Guy Harris
On Oct 10, 2011, at 8:28 PM, Jon Schipp wrote: > I'm going through some past mailing lists posts and I found this, which may > have answered my question on where libpcap on Linux gets its drop count: > http://seclists.org/tcpdump/2010/q3/46 > > "You have a recent version of libpcap, and a recent

Re: [tcpdump-workers] Proprietary link layer headers (DLT:s)?

2011-11-29 Thread Guy Harris
On Oct 17, 2011, at 1:02 AM, Anders Broman wrote: > What would be required to request a DLT for a proprietary format? If "proprietary" means "to be kept private to your organization", and you can't just use one of the DLT_USERn values for it, just ask for it and give a name. That's one of the

Re: [tcpdump-workers] Calling pcap_compile() more than once on the same pcap_t *

2011-11-29 Thread Guy Harris
On Nov 17, 2011, at 3:43 AM, Fernando Gont wrote: > Is it possible to call pcap_compile() more than once on the same libpcap > descriptor (pcap_t *)? If it doesn't work, that's a bug. pcap_compile() should 1) use the pcap_t only to get information such as the link-layer header type an

Re: [tcpdump-workers] libpcap MMAP, Shared Memory version?

2011-11-29 Thread Guy Harris
On Oct 10, 2011, at 7:36 PM, Jon Schipp wrote: > Are there any plans for a shared memory libpcap version from you guys? > I know that there are some others that have modified libpcap to use mmap() > such as Phil's: public.lanl.gov/cpw > > I was just curious as to whether you guys have anything Yes,

Re: [tcpdump-workers] Stopping packet capture on a libpcap descriptor

2011-11-29 Thread Guy Harris
On Nov 17, 2011, at 2:22 AM, Fernando Gont wrote: > Basically, I have a program that does this: > > 1. Captures and sends some packets > 2. Does something else > 3. Captures and sends some packets > > I'd like to use the same libpcap descriptor (pcap_t *) for both Step 1 > and step 2 above, but