it
will take some more tests to look for the byte order if one of these
reserved block types is found (and this not very common).
Any final decision for this issue??
Have a nice day
GV
- Original Message -
From: Fulvio Risso [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: Gianluca Varenni [EMAIL
- Original Message -
From: Guy Harris [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, October 14, 2004 1:45 AM
Subject: Re: [tcpdump-workers] Buffer size question
Ed Maste wrote:
1) Add a new pcap API function pcap_set_bufsize that can be used
to set the size used for
- Original Message -
From: Felipe Kellermann [EMAIL PROTECTED]
To: Tcpdump Workers Mailing List tcpdump-workers@lists.tcpdump.org
Sent: Wednesday, February 09, 2005 2:04 AM
Subject: Re: [tcpdump-workers] PCAP-NG suggestion
On Sun, 13 Feb 2005 12:41pm +0100, Gianluca Varenni wrote:
I
Hi Ben.
I know the issue. The author of that page has rebuilt the web site (up to a
week or so ago it was under construction), the new page seems to be
http://www.micro-logix.com/WinPcap/Supported.asp
*but* it says under construction.
Unfortunately, none of us (winpcap team) has stored that page
://www.micro-logix.com/WinPcap/Supported.asp
I've updated the FAQ on the winpcap web pages, as well.
Have a nice day
GV
- Original Message -
From: Gianluca Varenni [EMAIL PROTECTED]
To: tcpdump-workers@lists.tcpdump.org; [EMAIL PROTECTED]
Cc: tcpdump-workers@lists.tcpdump.org
Sent: Sunday
- Original Message -
From: Felipe Kellermann [EMAIL PROTECTED]
To: tcpdump-workers@lists.tcpdump.org
Sent: Sunday, February 20, 2005 9:44 PM
Subject: Re: [tcpdump-workers] PCAP-NG suggestion
On Sun, 20 Feb 2005 7:21pm +0100, Gianluca Varenni wrote:
Uhm. At first, I thought
Hi all.
Is there any new plan for the release of libpcap 0.9?
I was planning of including libpcap 0.9 in WinPcap 3.1, which is scheduled
pretty soon (1 month or so).
Have a nice day
GV
- Original Message -
From: Michael Richardson [EMAIL PROTECTED]
To: Guy Harris [EMAIL PROTECTED];
Just resending it as it was a reply to a quite oldish message...
Have a nice day
GV
- Original Message -
From: Gianluca Varenni [EMAIL PROTECTED]
To: tcpdump-workers@lists.tcpdump.org
Sent: Monday, May 09, 2005 12:03 PM
Subject: Re: [tcpdump-workers] preperation for 3.9 branch
Hi all
- Original Message -
From: Guy Harris [EMAIL PROTECTED]
To: tcpdump-workers@lists.tcpdump.org
Sent: Monday, May 16, 2005 11:20 AM
Subject: Re: [tcpdump-workers] preperation for 3.9 branch
Gianluca Varenni wrote:
Is there any new plan for the release of libpcap 0.9?
At this point, I
- Original Message -
From: Guy Harris [EMAIL PROTECTED]
To: tcpdump-workers@lists.tcpdump.org
Sent: Thursday, June 02, 2005 2:30 PM
Subject: Re: [tcpdump-workers] pcap_dump_file CO
On Jun 2, 2005, at 11:42 AM, Loris Degioanni wrote:
Trying to understand why the -C tcpdump option
Hi all.
Since the NTAR/pcap-ng topic spans multiple mailing lists, I suggest
everybody to send messages to the ntar-workers mailing list (I forgot to put
that mailing list in my original announcement mail, my bad...), so that it's
easier for everyone to follow the discussion (and in order to
compatibility at the file reading or API levels?
Thanks,
Stephen.
Gianluca Varenni wrote:
Hi all.
This mail is to announce the birth of the NTAR project. NTAR stands for
Network Trace Archival and Retrieval library, and is an implementation of
the PCAP next generation dump file format
- Original Message -
From: Hannes Gredler [EMAIL PROTECTED]
To: tcpdump-workers@lists.tcpdump.org
Cc: tcpdump-workers@tcpdump.org
Sent: Wednesday, July 13, 2005 4:35 AM
Subject: Re: [tcpdump-workers] print-slow.c
On Tue, Jul 12, 2005 at 11:10:38PM -0700, Loris Degioanni wrote:
|
- Original Message -
From: Guy Harris [EMAIL PROTECTED]
To: tcpdump-workers@lists.tcpdump.org
Sent: Friday, August 12, 2005 10:25 AM
Subject: Re: [tcpdump-workers] Pings fail unless tcpdump is watching both
Cian Masterson wrote:
Can anyone tell me what changes/hooks tcpdump puts into
- Original Message -
From: Rick Jones [EMAIL PROTECTED]
To: tcpdump-workers@tcpdump.org
Sent: Thursday, November 10, 2005 11:05 AM
Subject: Re: [tcpdump-workers] CVS down? Daily snapshot script broken?
Albert Chin wrote:
Is CVS down?
$ cvs up
cvs [update aborted]: connect to
Hi Evan.
Do you have any idea if performance is affected by these patches?
I'd probably expect almost no performance penalty in pcap_ftell() (apart
from the fact that you allocate memory with malloc), and some performance
hit with pcap_fseek (because basically you flush the FILE cache).
doesn't accept SSH1 keys (we were still using old keys, our fault, I know).
Loris and me have already tried to contact Michael about these problems (we
have some win32 specific fixes we need to commit), without any luck.
Anyone here helping us?
Gianluca Varenni
WinPcap Team
Alexander,
I think you are referring to pcap-ng (the new file format that will
eventually substitute the old one generated by libpcap).
At the moment the only experimental implementation of pcap-ng is given by
the NTAR library, available at
http://www.winpcap.org/ntar
Have a nice day
GV
- Original Message -
From: Guy Harris [EMAIL PROTECTED]
To: tcpdump-workers@lists.tcpdump.org
Sent: Monday, January 09, 2006 12:09 PM
Subject: Re: [tcpdump-workers] where to get libpcap-ng?
On Jan 9, 2006, at 9:12 AM, alexander medvedev wrote:
As far as i understood NTAR is an
:
Gianluca Varenni wrote:
- Original Message - From: Guy Harris [EMAIL PROTECTED]
To: tcpdump-workers@lists.tcpdump.org
Sent: Monday, January 09, 2006 12:09 PM
Subject: Re: [tcpdump-workers] where to get libpcap-ng?
...
At least as I understand it, it's an implementation of *part
- Original Message -
From: Michael Richardson [EMAIL PROTECTED]
To: tcpdump-workers@lists.tcpdump.org
Sent: Wednesday, January 11, 2006 9:37 AM
Subject: Re: [tcpdump-workers] where to get libpcap-ng?
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Guy == Guy Harris [EMAIL
- Original Message -
From: [EMAIL PROTECTED]
To: tcpdump-workers@lists.tcpdump.org
Sent: Thursday, January 12, 2006 3:11 PM
Subject: [tcpdump-workers] Multi process sniffing and dropped packets
Hi people!
I'm writing a sniffer with libpcap 0.9.3 that gets
packets and makes some
I would probably use pcap_next_ex instead of pcap_loop (pcap_next_ex is
available on recent versions of libpcap, let's say at least for the last 2-3
years). If you use pcap_next_ex you basically create your own capture loop,
and so you can break it whenever you want.
GV
- Original
- Original Message -
From: Harley Stenzel [EMAIL PROTECTED]
To: tcpdump-workers@lists.tcpdump.org
Sent: Friday, October 06, 2006 10:46 AM
Subject: [tcpdump-workers] Headroom
Greetings--
Has the idea of headroom for libpcap-based stack applications been
discussed before? The idea is
- Original Message -
From: Harley Stenzel [EMAIL PROTECTED]
To: tcpdump-workers@lists.tcpdump.org
Sent: Friday, October 06, 2006 12:25 PM
Subject: Re: [tcpdump-workers] Headroom
On 10/6/06, Gianluca Varenni [EMAIL PROTECTED] wrote:
Uhm, what's the purpose of some amount of memory
- Original Message -
From: Harley Stenzel [EMAIL PROTECTED]
To: tcpdump-workers@lists.tcpdump.org
Sent: Monday, December 04, 2006 1:30 PM
Subject: Re: [tcpdump-workers] pcap files with file header snaplen packet
On 12/4/06, Gerald Combs [EMAIL PROTECTED] wrote:
Harley Stenzel
Guys,
it looks like the optimizer for the BPF compiler has a bug and removes some
needed LD instructions. This happens on the HEAD and 0.9.x branch (I tested
it with optimize.c 1.87 and 1.85.2.1 as well as older versions).
Details
Linktype: DLT_802_11_RADIO (802.11 + radiotap) or DLT_802_11
Guys,
the attached patch fixes some of the problems in the current wlan code
generation of pcap_compile.
In particular it should fix these problems:
1. the 802.11 header size of a data frame has not a fixed size. When the QoS
bit is set in the subtype field (QoS DATA frame), the header is
I guess it's some sort of TCP offloading done at the board level. The driver
sends big frames (1500bytes) to the NIC card, and the NIC card is
responsible from creating smaller segments that are sent over the wire. I've
seen a similar behavior on Windows with some gigabit network cards (if i
- Original Message -
From: Michael Richardson [EMAIL PROTECTED]
To: tcpdump-workers@lists.tcpdump.org
Sent: Tuesday, July 10, 2007 12:41 PM
Subject: Re: [tcpdump-workers] Patches for wlan filtering
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Oh, stupid me.
I see the patch is
[Posted again as it looks like the mail server rejected my 1st attempt]
Is there any reason why the e-mail starts with
This email contains confidential material.
???
Have a nice day
GV
- Original Message -
From: Automatic cvs log generator /tcpdump/bin/makelog [EMAIL PROTECTED]
[Posted again as it looks like the mail server rejected my 1st attempt]
No problem at all.
Talking about the website, would it be possible to fix the mailing list
archive (http://www.tcpdump.org/lists/workers/), as it's stuck at the end of
2006?
And finally, in the page at
Uhm...
I agree with you. The server is either really slow or completely down.
Have a nice day
GV
- Original Message -
From: Luis Martín García [EMAIL PROTECTED]
To: tcpdump-workers@lists.tcpdump.org
Sent: Monday, August 06, 2007 1:47 AM
Subject: [tcpdump-workers] Tcpdump web down?
Ken,
I just got back from my vacation. I'd just like to test that the 0.9/3.9
branches of libpcap and tcpdump compile correctly under windows (within
winpcap and windump). I can do that this morning. Do I still have time for
that?
Have a nice day
GV
- Original Message -
From: Ken
fix it by taking the
needed files from BSD, but it make take a couple hours to do that.
Can we delay the release of 0.9.8/3.9.8 until tomorrow?
GV
- Original Message -
From: Gianluca Varenni [EMAIL PROTECTED]
To: tcpdump-workers@lists.tcpdump.org
Cc: Michael Richardson [EMAIL
Well, I've just pulled a couple include files out of BSD and now it compiles
under VC6. I still have some minor issues compiling everything under Cygwin,
but it's not related to PFVAR.
Have a nice day
GV
On Thursday 13 September 2007, Gianluca Varenni wrote:
...
-print-pflog.c: this file
- Original Message -
From: Guy Harris [EMAIL PROTECTED]
To: tcpdump-workers@lists.tcpdump.org
Sent: Thursday, September 13, 2007 10:45 AM
Subject: Re: [tcpdump-workers] tcpdump 3.9.8 / libpcap 0.9.8 releases
Gianluca Varenni wrote:
After a quick compilation test, libpcap compiles ok
hold off until your ready.
On Thu, 13 Sep 2007, Gianluca Varenni wrote:
After a quick compilation test, libpcap compiles ok (albeit with some new
warnings popping out from VC6).
tcpdump (0.9.x branch) has some problems, instead:
- print-rsvp.c doesn't compile as it's not strictly C
As a matter of facts, libpcap includes files with more different licenses.
That's why for WinPcap I came out with the long license available at
http://www.winpcap.org/misc/copyright.htm
Consider that some of those licenses apply to Windows only (as some files
are included in the windows
Ken,
is there a date for the release of tcpdump 4.0 and libpcap 1.0? I've
committed some mods to make libpcap 1.0 compile within WinPcap, I still need
a couple tweaks in tcpdump (some code related to signals was added in
tcpdump, and obviously that doesn't compile under windows).
Have a
Since the plan is to release libpcap 1.0/tcpdump 4.0 at the end of the
month, I'm back (again) bugging people wrt a patch I submitted some time ago
for wireless filtering for which I didn't have any feedback.
The mail is archived here
http://article.gmane.org/gmane.network.tcpdump.devel/2268
I think there are still problems.
www.tcpdump.org correctly resolves to the new IP address, but it's not
reachable at least from here in CA through ATT/SBC.
A traceroute to www.tcpdump.org shows this
4 9 ms 8 ms 8 ms dist2-vlan50.scrm01.pbi.net [64.171.152.67]
5 8 ms 7
- Original Message -
From: Guy Harris [EMAIL PROTECTED]
To: tcpdump-workers@lists.tcpdump.org
Sent: Monday, November 05, 2007 2:03 PM
Subject: Re: [tcpdump-workers] Patches for wlan filtering
Guy Harris wrote:
On Oct 30, 2007, at 3:42 AM, Guy Harris wrote:
I won't be able to fix
Checked in on HEAD and the libpcap_1_0 branch.
Thanks!
GV
- Original Message -
From: Gisle Vanem [EMAIL PROTECTED]
To: tcpdump-workers tcpdump-workers@lists.tcpdump.org
Sent: Tuesday, November 06, 2007 6:04 AM
Subject: [tcpdump-workers] typo in pcap.c
--- CVS-Latest/pcap.c Wed
- Original Message -
From: Guy Harris [EMAIL PROTECTED]
To: tcpdump-workers@lists.tcpdump.org
Sent: Monday, November 05, 2007 6:12 PM
Subject: Re: [tcpdump-workers] Patches for wlan filtering
On Nov 5, 2007, at 2:49 PM, Gianluca Varenni wrote:
I plan to compare this with the old
[new BPF code, CVS snapshot. Not working]
(000) ldb [3]
(001) lsh #8
(002) tax
(003) ldb [2]
(004) or x
(005) st M[0]
(006) tax
(007) txa
(008) add #24
(009) st M[1]
(010) ldb [x + 0]
(011) jset #0x8 jt 12 jf 17
(012) jset #0x4
- Original Message -
From: Guy Harris [EMAIL PROTECTED]
To: tcpdump-workers@lists.tcpdump.org
Sent: Tuesday, November 06, 2007 11:14 AM
Subject: Re: [tcpdump-workers] Patches for wlan filtering
Gianluca Varenni wrote:
I already noticed that the new BPF code doesn't check the
link
It seems to work ok.
Thanks!
GV
- Original Message -
From: Guy Harris [EMAIL PROTECTED]
To: tcpdump-workers@lists.tcpdump.org
Sent: Tuesday, November 06, 2007 11:12 AM
Subject: Re: [tcpdump-workers] Patches for wlan filtering
Gianluca Varenni wrote:
I think I found the problem
at http://www.tcpdump.org/index2.html
Please let me know what you think. If everyone is OK with the changes
I'll swap the current with this one.
Luis.
Gianluca Varenni wrote:
At the risk of being annoying, before going out with the great and
mighty libpcap 1.0, would it be possible to fix
- Original Message -
From: Arien Vijn [EMAIL PROTECTED]
To: tcpdump-workers@lists.tcpdump.org
Cc: Arien Vijn [EMAIL PROTECTED]
Sent: Monday, November 26, 2007 10:13 AM
Subject: Re: [tcpdump-workers] (another) bug in the BPF compiler (wireless)
Hi,
On 26 Nov 2007, at 19:05, Gianluca
, 2007 1:51 PM, Gianluca Varenni [EMAIL PROTECTED]
wrote:
- Original Message -
From: Arien Vijn [EMAIL PROTECTED]
To: tcpdump-workers@lists.tcpdump.org
Cc: Arien Vijn [EMAIL PROTECTED]
Sent: Monday, November 26, 2007 10:13 AM
Subject: Re: [tcpdump-workers] (another) bug in the BPF
, 2007 6:38 PM, Gianluca Varenni [EMAIL PROTECTED]
wrote:
I think the answer to this question is no. Right?
Have a nice day
GV
- Original Message -
From: Sassone, Ed
To: [EMAIL PROTECTED]
Sent: Tuesday, November 27, 2007 1:36 PM
Subject: [Winpcap-users] Using filters with IP encapsulation
I agree with you.
Consider that under windows, for example, we have a windows-only function to
set the kernel buffer size
(http://www.winpcap.org/docs/docs_40_2/html/group__wpcapfunc.html#g124bde25ccd9e39017ff2abec2dda623)
and the kernel buffer in WinPcap is actually a ring buffer (although we
- Original Message -
From: Guy Harris [EMAIL PROTECTED]
To: tcpdump-workers@lists.tcpdump.org
Sent: Thursday, December 06, 2007 4:09 PM
Subject: Re: [tcpdump-workers] [PATCH] enable memory mapped access to
ethernet device for linux
There's also an issue that with the ringbuffer,
- Original Message -
From: Michael Richardson [EMAIL PROTECTED]
To: tcpdump-workers@lists.tcpdump.org
Cc: Peter Losher [EMAIL PROTECTED]; Joao Damas [EMAIL PROTECTED]
Sent: Sunday, December 09, 2007 2:53 PM
Subject: Re: [tcpdump-workers] tcpdump patches...
-BEGIN PGP SIGNED
Any news about this release?
Ken Bantoft announced a released candidate to be out in mid november, but
nothing happened.
Have a nice day
GV
smime.p7s
Description: S/MIME cryptographic signature
, there is no need for another
CAN DLT.
You should probably ask Gianluca Varenni whether the format they use at
CACE Technologies matches the format you want to use, if you haven't done
so already.
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe
Hi all.
I've just seen that all the documentation of libpcap has been migrated from
a single pcap.3 file to single .3pcap files, one per function (more or
less).
Within WinPcap I have a big problem in generating the documentation. Within
WinPcap we generate html with doxygen out of an
- Original Message -
From: Guy Harris [EMAIL PROTECTED]
To: tcpdump-workers@lists.tcpdump.org
Sent: Wednesday, April 09, 2008 3:48 PM
Subject: Re: [tcpdump-workers] Libpcap 1.0, WinPcap and documentation
Gianluca Varenni wrote:
Within WinPcap I have a big problem in generating
Same for the CVS, which is AFAIK hosted on the same machine.
Have a nice day
GV
smime.p7s
Description: S/MIME cryptographic signature
- Original Message -
From: Eloy Paris [EMAIL PROTECTED]
To: tcpdump-workers@lists.tcpdump.org
Sent: Thursday, November 13, 2008 3:24 PM
Subject: Re: [tcpdump-workers] libpcap poll()
Hi Ben,
On Thu, Nov 13, 2008 at 03:13:05PM -0800, Ben Greear wrote:
[...]
The code above works
- Original Message -
From: Ben Greear [EMAIL PROTECTED]
To: tcpdump-workers@lists.tcpdump.org
Sent: Thursday, November 13, 2008 9:38 PM
Subject: Re: [tcpdump-workers] libpcap poll()
Aaron Turner wrote:
On Thu, Nov 13, 2008 at 8:15 PM, Ben Greear [EMAIL PROTECTED]
wrote:
I guess
Libpcap as-is does not compile within cygwin. You need to use WinPcap. The
WinPcap devpack does provide the necessary lib files for the cygwin build
environment.
http://www.winpcap.org/devel.htm
Hope it helps
GV
- Original Message -
From: Sa-nga Chotikapakorn [EMAIL PROTECTED]
To:
- Original Message -
From: Abdelrazak Younes [EMAIL PROTECTED]
To: tcpdump-workers@lists.tcpdump.org
Sent: Tuesday, December 09, 2008 7:05 AM
Subject: [tcpdump-workers] pcap_findalldevs_ex() and libpcap
Hello there,
I am slowly learning libcap which I find quite useful, thanks a
- Original Message -
From: Guy Harris g...@alum.mit.edu
To: tcpdump-workers@lists.tcpdump.org
Sent: Sunday, December 21, 2008 12:26 PM
Subject: Re: [tcpdump-workers] TCPDUMP 4.0.1rc1 and LIBPCAP 1.0.1rc1
available for testing
On Dec 21, 2008, at 1:25 AM, Gianluca Varenni wrote
- Original Message -
From: Guy Harris g...@alum.mit.edu
To: tcpdump-workers@lists.tcpdump.org
Sent: Friday, February 06, 2009 11:06 AM
Subject: Re: [tcpdump-workers] start pcap in two thread
On Feb 6, 2009, at 7:24 AM, David Andrey wrote:
Can 2 threads (in the same process)
- Original Message -
From: Chris Morgan chmor...@gmail.com
To: tcpdump-workers@lists.tcpdump.org
Sent: Tuesday, March 03, 2009 7:33 PM
Subject: Re: [tcpdump-workers] Hardware mac address with pcap/winpcap
...
Is the development of pcap such that such a feature might be present
in
: Re: [tcpdump-workers] Hardware mac address with pcap/winpcap
On Mar 4, 2009, at 9:19 AM, Gianluca Varenni wrote:
In the case of Windows/WinPcap, we have an internal Packet API to get
the MAC address, the main problem is exposing such MAC address at the
pcap API level. I actually didn't
The file signature.h seems to be missing from the tcpdump package, so
tcpdump does not compile (well, WinDump).
Is this file supposed to be part of a standard *nix distribution?
Have a nice day
GV
- Original Message -
From: Ken Bantoft k...@netfunctional.ca
To:
Have a nice day
GV
smime.p7s
Description: S/MIME cryptographic signature
the last round, so I'm just going to cut another
set, and ask MCR to sign them ;)
Ken
On 29-Apr-09, at 11:29 AM, Gianluca Varenni wrote:
Have a nice day
GV
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
-
This is the tcpdump-workers list.
Visit https
- Original Message -
From: Guy Harris g...@alum.mit.edu
To: tcpdump-workers@lists.tcpdump.org
Sent: Wednesday, July 01, 2009 12:47 PM
Subject: Re: [tcpdump-workers] [Fwd: Re: Thread Safe Lexer]
On Jul 1, 2009, at 12:04 PM, Behdad Forghani wrote:
Gianluca asked me to forward this
- Original Message -
From: Sam Roberts vieuxt...@gmail.com
To: tcpdump-workers@lists.tcpdump.org
Sent: Thursday, July 02, 2009 11:14 AM
Subject: Re: [tcpdump-workers] [Fwd: Re: Thread Safe Lexer]
On Wed, Jul 1, 2009 at 12:32 PM, Eloy Parispe...@chapus.net wrote:
Do we use Flex and
- Original Message -
From: Guy Harris g...@alum.mit.edu
To: tcpdump-workers@lists.tcpdump.org
Sent: Thursday, July 09, 2009 5:45 PM
Subject: Re: [tcpdump-workers] [Fwd: Re: Thread Safe Lexer]
On Jul 9, 2009, at 3:34 PM, Gianluca Varenni wrote:
This actually makes sense to me (I
Hi all.
I just discovered an interesting leak with the libpcap 1.0 or the current
top-of-tree.
On Fedora 10, kernel 2.6.27.5 or 2.6.27.12, there is a memory leak by which
a simple program like this one will eventually use all the memory on the
system (as reported by top) and eventually the
-
From: Guy Harris g...@alum.mit.edu
To: tcpdump-workers@lists.tcpdump.org
Sent: Friday, July 10, 2009 3:45 PM
Subject: Re: [tcpdump-workers] Memory leak in libpcap (top of tree) and/or
kernel
On Jul 10, 2009, at 3:35 PM, Gianluca Varenni wrote:
I just discovered an interesting leak
to embed all those variables in some
structure and pass them as parameters to the compiler, but I'm not exactly
experienced with reentrant parsers with flex.
Just my two cents
GV
- Original Message -
From: Gianluca Varenni gianluca.vare...@cacetech.com
To: tcpdump-workers@lists.tcpdump.org
What do you mean by it doesn't work correctly?
1. compilation problems?
2. linking problems?
3. the application runs but fails to list the adapters?
4. the application runs, you can open the adapter but you dont capture any
packet?
5. the application runs and captures but it eventually
@lists.tcpdump.org
Sent: Wednesday, July 15, 2009 1:38 PM
Subject: Re: [tcpdump-workers] Any chance of getting tcpdump 4.0.1/libpcap
1.0.1 out?
On Jul 15, 2009, at 1:12 PM, Gianluca Varenni wrote:
There were a couple of commits lately, including some bug fixes to the
USB-linux code.
The bug fixes
However, if you're using DLT_CAN20B, what matters here is what *existing*
software that uses DLT_CAN20B expects; you would have to arrange to make
the frame look like that, regardless of whether it matches struct
can_frame or not, or you would have to request a different DLT_ value,
e.g.
different DLT_ value, e.g. DLT_CAN20B_LINUX or DLT_CAN20B_SOCKETCAN or
something such as that.
Gianluca, what does the header look like in a DLT_CAN20B packet?
Yes, I agree with you. I searched arround for software that uses that
DLT, but did not find anything...
My intention was to avoid to
Presumably aligned(8) means align on an 8-byte boundary; if canid_t
is a 32-bit quantity, then there should be 3 bytes of padding on *all*
platforms.
However, if you're using DLT_CAN20B, what matters here is what
*existing* software that uses DLT_CAN20B expects; you would have to
- Original Message -
From: Abdelrazak Younes younes.ab...@gmail.com
To: Aaron Turner synfina...@gmail.com
Cc: tcpdump-workers@lists.tcpdump.org
Sent: Tuesday, October 27, 2009 6:04 AM
Subject: Re: [tcpdump-workers] pcap_findalldevs() failing on FreeBSD 7.2
Hello Aaron,
Aaron Turner
Just to add to that, we use pcap_next_ex all the time for capturing at
gigabit rates (millions of packets per second) without any performance
issue.
Have a nice day
GV
--
From: Guy Harris g...@alum.mit.edu
Sent: Friday, March 05, 2010 11:57 AM
Can we wait until tomorrow for the release? I fixed a minor compilation
issue of tcpdump under Windows and I want to add the VS2005 projects to the
repository as well.
Have a nice day
GV
--
From: Michael Richardson m...@sandelman.ca
Sent:
What happened to the release?
Have a nice day
GV
--
From: Michael Richardson m...@sandelman.ca
Sent: Thursday, March 11, 2010 7:37 PM
To: tcpdump-workers@lists.tcpdump.org
Cc: Guy Harris g...@alum.mit.edu; Ken Bantoft k...@bantoft.org;
Gianluca
--
From: Madhusudan KR madhusudan...@firstmedia.in
Sent: Tuesday, April 27, 2010 7:29 AM
To: tcpdump-workers@lists.tcpdump.org
Subject: [tcpdump-workers] capturing packets
Hi,
I have a system which has two ethernet interfaces, namely eth0 and
--
From: Andrej van der Zee andrejvander...@gmail.com
Sent: Thursday, August 19, 2010 7:23 AM
To: tcpdump-workers@lists.tcpdump.org
Subject: [tcpdump-workers] tcp sequence and ack number with libpcap
Hi,
I am trying to get the TCP sequence and
More easily: take a capture file containing TCP packets, and run it thru
tcpdump and thru your application. Send what tcpdump reports and what your
application reports.
GV
--
From: Eloy Paris pe...@chapus.net
Sent: Thursday, August 19, 2010 2:43
I would just perform the capture in a separate thread.
Have a nice day
GV
-Original Message-
From: tcpdump-workers-ow...@lists.tcpdump.org
[mailto:tcpdump-workers-ow...@lists.tcpdump.org] On Behalf Of Jeff Garrett
Sent: Thursday, May 05, 2011 8:30 AM
To:
A comment on this. In the last couple of years I've been actually thinking of
dumping the rpcap support out of WinPcap. The reason is that such code is
pretty much unmaintained, I struggle to have the patch compile on Windows every
time, let linux (and all the other OSes supported by libpcap)
Is there a specific reason why shared memory is implemented in such a way that
frame buffers are allocated based on the maximum frame supported frame size
(+junk, see 802.11)? In virtualized environments or in general when you have HW
offloading, the maximum frame size seen by the kernel tap is
Buffers nees to be aligned to the pages (for a number of reasons), but nothing
should prevent storing multiple packets within a single shared buffer (like BSD
does).
Have a nice day
GV
-Original Message-
From: tcpdump-workers-ow...@lists.tcpdump.org
Hi all,
It looks like there is a bug in the optimizer of the BPF compiler, both in 1.0
and trunk on git. If you try to compile the following filter, pcap_compile goes
into some endless loop in bpf_optimize and never exits. If optimization is
disabled the filter is correctly compiled.
: [tcpdump-workers] Bug in the BPF compiler optimizer
On Dec 6, 2011, at 5:47 PM, Gianluca Varenni wrote:
It looks like there is a bug in the optimizer of the BPF compiler, both in
1.0 and trunk on git. If you try to compile the following filter,
pcap_compile goes into some endless loop
When you talk about 15% RAM, do you actually mean working set or virtual
address space? Which version of linux are you using?
Regarding 802.11a/b/g/n, you cannot rely much on the radiotap header of a
beacon frame. The radiotap header will only tell you which band was the packet
transmitted on
Hi all.
It looks like there is a bug in handling a snaplen of 1500 on linux (with mmap
on). If I set a snaplen of 1500 and receive packets 1500 (e.g. 1514), libpcap
returns only 1498 as caplen, and not 1500.
Libpcap latest on git (1.3.0-PRE-GIT_2012_01_15)
Linux RHEL6, kernel
...@lists.tcpdump.org] On Behalf Of Guy Harris
Sent: Sunday, January 15, 2012 6:50 PM
To: tcpdump-workers@lists.tcpdump.org
Subject: Re: [tcpdump-workers] Snaplen (git-latest) not working properly on
linux
On Jan 15, 2012, at 6:44 PM, Gianluca Varenni wrote:
Hi all.
It looks like there is a bug
I've actually seen a similar problem with different NIC drivers, e.g. on RHEL6
running in ESXi 4 with the vmxnet3 drivers.
http://article.gmane.org/gmane.network.tcpdump.devel/5703
GV
-Original Message-
From: tcpdump-workers-ow...@lists.tcpdump.org
To be totally honest, I think the whole way in which vlans are managed in the
filters is quite nonsense. The underlying problem is that normally a BPF filter
is an or or and combination of disjoint filters, so if I write filterA or
filterB I assume that the two filters are disjoints, so
1 - 100 of 104 matches
Mail list logo
