const struct tcphdr * tcp_hdr = (const struct tcphdr *)(sp + ETHER_HDRLEN
+ IP_HL(ip));
This is surely wrong.
The size of the IP header is IP_HL(ip)*4 not IP_HL(ip)
On Fri, Aug 20, 2010 at 7:29 AM, Andrej van der Zee
andrejvander...@gmail.com wrote:
Hi,
static void
The relative numbers are not part of the packet/protocol.
The absolute ones are what the actual packets contain.
To get relative numbers you would need some code.
You basically need to keep a list of every single tcp connection you
see, based on ip:port - ip:port.
First time you see a TCP
to print the correct/absolute numbers instead and see that
this time they are the same.
regards
ronnie sahlberg
On Fri, Aug 20, 2010 at 9:15 AM, Andrej van der Zee
andrejvander...@gmail.com wrote:
Hi,
const struct tcphdr * tcp_hdr = (const struct tcphdr *)(sp + ETHER_HDRLEN
+ IP_HL(ip
treats these as don't
check, probably checksum offload)
regards
ronnie sahlberg
On Wed, Apr 7, 2010 at 11:56 AM, Roy Smith r...@panix.com wrote:
I've got an application which listens for UDP (SNMP) data. We want to add a
logging feature where every UDP packet that's received is stored
On Sat, Jul 25, 2009 at 5:29 AM, Guy Harrisg...@alum.mit.edu wrote:
On Jul 21, 2009, at 11:12 PM, Guy Harris wrote:
On Jun 23, 2009, at 7:34 PM, Mike Kershaw wrote:
(This now actually hits my error catcher where 100 fd highs in a row
with no packets triggers a shutdown of the source, since
On Tue, Dec 23, 2008 at 8:18 AM, Matthias Wenzel tcpd...@mazzoo.de wrote:
Guy Harris wrote:
On Dec 22, 2008, at 1:51 AM, Matthias Wenzel wrote:
we have a set of opensource tools that read and write pcap files from/to
DECT devices. The SW will go public still this year. We're working with
On Tue, Dec 9, 2008 at 7:40 PM, David Gibson
[EMAIL PROTECTED] wrote:
I've implemented a first cut at adding support to libpcap to capture
from the Linux /dev/input/event* (evdev) devices. Draft patch is
included below.
However, I've realised there's a problem. Since it's an internal-only
On Nov 7, 2007 12:54 PM, Rick Jones [EMAIL PROTECTED] wrote:
Harley Stenzel wrote:
On Nov 6, 2007 2:03 PM, Rick Jones [EMAIL PROTECTED] wrote:
Any thoughts as to how to deal with false checksum failure reports for
outbound
traffic being sniffed on a system with ChecKsum Offload (CKO)? It
Do we really need 4 bytes to store the endpoint address in the header?
Without changing the size of the header,
what about splitting the four bytes of endpoint address into two 16 bit integers
one of them is endpoint address and the other is which usb interface
the capture was taken on ? the
large segment offload (LSO)
can be easily detected by
TCP checksum==0and being incorrect
and that the segment is much larger than the normal mtu.
On 4/7/06, Guy Harris [EMAIL PROTECTED] wrote:
Hannes Gredler wrote:
checked in - thanks for the submission - /hannes
On Wed, Jan 19,
On Tue, 21 Sep 2004 10:38:27 -0400, Jefferson Ogata
[snip]
but in my code when I try to read the tcp sequence numbers, I get very
odd values of sequence number. Here follows the code snippet I use to
read sequence number. The values I get do not correspond to the ones I
read using
- Original Message -
From: Jefferson Ogata
Sent: Wednesday, April 14, 2004 6:29 PM
Subject: Re: [tcpdump-workers] Proposed new pcap format
Ronnie Sahlberg wrote:
I dont see really the benefit from using XML at all.
Usually I find that people who say that haven't used XML
Given all the desirable options people are looking for in this, and the
need for future growth, I think we should seriously consider an
XML-based format. Besides making it easy, format-wise, to include many
optional features and types of metadata, programs could also embed
decoded frame
- Original Message -
From: Loris Degioanni
Sent: Monday, April 12, 2004 2:56 PM
Subject: Re: [tcpdump-workers] Proposed new pcap format
I'd prefer a general flag field, which would include a direction
indication (which might also include, for received packets, an
indication of
Oh, I forgot.
Another useful thing to have is an option for the packet block where one
would store
a reasonably collission-safe 8-byte hash of the packet data.
This would make it much easier to compare two different capture files to see
where packets are missing etc.
-
This is the
15 matches
Mail list logo