ose first appeared in libpcap 1.0, which was
> released in 2008, almost 16 years ago.
> Is there any reason not to require libpcap 1.0 or later? If there is,
> is there any reason not to require libpcap 0.7 or later?
I think libpcap 1.0 or later is good.
--
Michael Richardson
Guy Harris wrote:
> If so, do we
> 1) require people to have autotools installed and run ./autogen.sh
> or
> 2) generate the configure scripts on some standard platform and check it in
3) stop using autoconf, cmake only.
___
Bill Fenner wrote:
> mcr suggested:
>> I wonder if we should nuke our own make tarball system.
> The creation of a tarball and its signature gives a place to hang one's hat
> about origin of code - "someone with the right key claims that this tarball
> genuinely reflects
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works|IoT architect [
] m...@sandelman.ca http://www.sandelman.ca/| ruby on rails[
___
tcpd
Guy Harris wrote:
> Is the list working?
It was not.
I finally found the web process hanging onto a database lock, and cleared
that.
___
tcpdump-workers mailing list -- tcpdump-workers@lists.tcpdump.org
To unsubscribe send an email to
Michael Richardson wrote:
> Michael Richardson wrote:
>> This message is partly to see if anything is fixed.
> At least the emails went through, but did not get archived yet.
> Help sought.
maybe working now.
___
Michael Richardson wrote:
> This message is partly to see if anything is fixed.
At least the emails went through, but did not get archived yet.
Help sought.
___
We have gone from 3.3.3 to mailman3 3.3.8 with an operating system update to
Debian 12 (Devuan 4). Missed the broken kernel (I checked).
The previous system had numerous faults, particularly around archiving which
I was unable to fix in the time I had available.
This message is partly to see
Stig Bjørlykke via tcpdump-workers wrote:
> We are in the process of making a trace tool and a Wireshark dissector
> for DECT NR+ [1]. The "DECT-2020 New Radio (NR); Part 4: MAC layer"
> chapter 6 defines PDU formats and parameters for this protocol.
> Proposed name:
Guy Harris wrote:
> Should we also consider removing support for some older UN*X platforms,
> such as:
Yes.
> SunOS prior to SunOS 4 - pcap-nit.c; the last such version, SunOS
> 3.5, was released in January 1988
> SunOS 4.x - pcap-snit.c; the last such version, SunOS
Zhang, Cynthia X. (GSFC-710.0)[KPMG LLP] wrote:
> Hello, my name is Cynthia Zhang and I am a Supply Chain Risk Management
> Analyst at NASA. NASA is currently conducting a supply chain assessment
> of libpcap. We are interested in confirming the following information:
> 1. Is
Scheffenegger, Richard wrote:
> Tcpdump - and every tool afterwards - has been using "." for ACKs.
Hi, so there have been some tools which have parsed the tcpdump "TCP" output
in the past, and there have been small variations in the output, and often
we've broken those tools.
One such tool
Francois-Xavier Le Bail wrote:
> Does anyone see a problem with this change? (Answer on PR page.)
> https://github.com/the-tcpdump-group/tcpdump/pull/812
It looks so simple, it's probably correct :-)
--
Michael Richardson. o O ( IPv6 IøT consulting )
San
could be a global map of pcap_t* handles to
> thread ID's, something like:
> struct Mapping { pcap_t *handle; pthread_t thread_id; };
> Mapping mappings[32u];
I could tolerate this.
--
] Never tell me the odds! | ipv6 mesh networks [
]
There are some problems on the list host where some files wind up root owned,
when they shouldn't be.
___
tcpdump-workers mailing list -- tcpdump-workers@lists.tcpdump.org
To unsubscribe send an email to tcpdump-workers-le...@lists.tcpdump.org
I'm sorry for the troubles.
We are still getting continuous attempts to send email subscribe (DDoS) spam
via HTTP, even though mailman2 is gone, and the links are 404, but the
script kiddies continue. fail2ban is doing some things, needs further tuning.
But overall, it's just annoying.
Michael Richardson via tcpdump-workers wrote:
> --- Forwarded Message
The DMARC mitigation was forced on, which is not what I wanted.
___
--- Begin Message ---
The mailing list has been moved from a mailman2 host to a mailman3 host.
I had subscribed everyone with an option to confirm, but that was a bad idea.
I have now found the import21 command, and imported the "pickle" file from
the mailman2 installation.
I hope that this
ith a subtype header, but if you want to go with three, I don't
object.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works|IoT architect [
] m...@sandelman.ca http://www.san
provide further information.
> Best regards
> Frank Gorgas-Waller Software Architect
> Auerswald Gesellschaft für Datensysteme mbH Vor den Grashöfen 1 38162
> Cremlingen Germany
--
] Never tell me the odds! | ipv6 mesh networks [
--- Begin Message ---
Francois-Xavier Le Bail via tcpdump-workers wrote:
> To save CI runtime, I have committed
> a063c2d21417345ee583551ef2c07a0be6b32696 for libpcap.
> This will currently run only five builders (amd64, arm64, ppc64le,
> s390x and osx) and do the matrix
--- Begin Message ---
Yao, Jiewen wrote:
> Thank you. I will file a Pull-Request.
> The DOE header definition can be found
> https://github.com/jyao1/openspdm/blob/master/Include/IndustryStandard/PciDoeBinding.h
> It starts from PCI_DOE_DATA_OBJECT_HEADER.
That sounds like
--- Begin Message ---
Yao, Jiewen via tcpdump-workers wrote:
> Hello Any response ?
> Thank you Yao Jiewen
...
Hi, sorry about that.
> Hi I write this email to request to below 2 link types.
> 1. MCTP
> Management Component Transport Protocol (MCTP) is an industry
ly-installed tcpdump.
Effectively, this is what libtool tries to do.
I would rather just be explicit about it somehow.
Maybe that goes into how we use "make check", but I'm not sure where else it
matters.
--
] Never tell me the odds! | ipv6 mesh
ith one of my Ubuntu VMs.
> In the meantime, for some fun head-exploding reading, take a look at
> https://en.wikipedia.org/wiki/Rpath
> and perhaps some other documents found by a search for
Yeah... I don't even know what to say.
--
] Never tell me the odds! |
--- Begin Message ---
Guy Harris via tcpdump-workers wrote:
> I've been thinking about a world in which we have more pcapng-style
> APIs. With a capture API that can deliver, for each packet, something
> similar to a pcapng Enhanced Packet Block, with an interface number
> from
--- Begin Message ---
Michael Richardson via tcpdump-workers wrote:
> bpf.tcpdump.org is being updated from devuan ascii (2.0) to devuan
> beowulf (3.1). (Equivalent to Debian buster).
> I'm doing this to upgrade git to the version that supports --mirror,
--- Begin Message ---
bpf.tcpdump.org is being updated from devuan ascii (2.0) to devuan beowulf
(3.1).
(Equivalent to Debian buster).
I'm doing this to upgrade git to the version that supports --mirror, which is
not the right thing for the local repositories.
(I was, you know, reading the man
--- Begin Message ---
Bill Fenner via tcpdump-workers wrote:
> It would be perfectly reasonable (and fairly straightforward) to update
> libpcap to be able to filter on the Ethernet address in DLT_LINUX_SLL
> or DLT_LINUX_SLL2 mode. There are already filters that match other
>
--- Begin Message ---
wrote:
>> -Original Message-
>> From: OPSAWG [mailto:opsawg-boun...@ietf.org] On Behalf Of Michael
>> Richardson
>> Sent: Tuesday, 22 December 2020 17:36
>> To: Guy Harris
>> Cc: Pcap-ng file form
or whether
> it's still supported.
Wow, lots of ill-defined complexity here.
I think that we should just regard this as water under the bridge.
If NetBSD wants to propose a use for those empty bits, then a new
specification could update that use case.
--
Michael Richardson. o O ( IP
That one's there for NetBSD; I *think* the packet contains just a PPPoE
> header and payload. I may have to dig into the NetBSD code to see what
> they do.
okay, but we don't have to get that perfect in the document.
What matters is that it points to /linktypes.html in th
--- Begin Message ---
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Carsten Bormann wrote:
> On 2020-12-22, at 01:31, Michael Richardson wrote:
>>
>> #define LT_FCS_LENGTH(x) (((x) & 0xF000) >> 28)
>> #define LT_FCS_DATALINK_EXT(x
arris-opsawg-pcap-01
Diff: https://www.ietf.org/rfcdiff?url2=draft-gharris-opsawg-pcap-01
--
Michael Richardson. o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
--- End Message ---
___
d? Or would that be indicated by LENGTH_PRESENT(x)==0?
Or is 0 ==> 8 * 16-bits => 128 bits of FCS.
I'm going to propose IANA considerations in a followup email and in -01.
--
Michael Richardson. o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwid
--- Begin Message ---
I forgot not to PGP sign.
--- End Message ---
___
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
--- Begin Message ---
Michael Richardson via tcpdump-workers wrote:
> trying without GPG signature
YUP. That's it. So mailman2 will have to get replaced finally.
It eats emails with signature attachments, I think. This is new.
After a few hours thinking about my previous email I wan
extensive rework so that pcap_create() could create handle for
live and offline captures, and that specifying the capture type was
just another set.
These are not mutually exclusive.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sand
ixes, or should we rely on Red Hat and others for that?
I can strive to do better.
I think that you are on the security@ list, and I think that this did go
through that list at the time.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, San
--- Begin Message ---
Denis Ovsienko via tcpdump-workers wrote:
> [...]
>> The first step I'd take would be to get rid of the GPLed headers in
>> favor of BSD-licensed headers, e.g. taking the ip.h, tcp.h, and udp.h
>> headers from tcpdump and changing the code to work with them.
r *two* capture file formats, these lists are
> probably better places for discussion than having two pull requests and
> discussing them in comments there.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software W
I took it directly to the list to ask if this was right.
You didn't miss anything.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works|IoT architect [
] m...@sandelman.ca http://www.sandelman.ca/
--- Begin Message ---
Francois-Xavier Le Bail wrote:
>> > If we do, we should replace all the tabs in pcap-int.h with spaces; we
>> > should at least be consistent, and change #918 fixed one inconsistent
>> > case.
>>
>> Let's agree that we are going towards spaces.
>> I
hitespace settings?
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works|IoT architect [
] m...@sandelman.ca http://www.sandelman.ca/| ruby on rails[
--- End Message ---
__
just use "snprintf()" now.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works|IoT architect [
] m...@sandelman.ca http://www.sandelman.ca/| ruby on rails[
--- E
not present
in libpcap 1.8.x
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works| network architect [
] m...@sandelman.ca http://www.sandelman.ca/| ruby on rails[
___
gh reason.
> Although there'd be more work required - TESTonce depends on having
> cat, diff, and sed, and crypto.sh depends on grep, for example.
cat and sed I can eliminate.
probably the crypto.sh can be brought into the test structure.
--
] Never tell me the odds!
Guy Harris wrote:
> If "make check" required *only* Perl, not a Bourne-compatible shell,
> that might also make running "make check" on Windows easier.
That's probably a good enough reason.
___
that Perl is now ubiquitous enough on Windows that we could just
use one program to drive it all?
OpenSSL uses the Perl unit test framework; I'm not sure I'd want to go that
far, but I'd consider it.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael
a four hour disaster?
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works|IoT architect [
] m...@sandelman.ca http://www.sandelman.ca/| ruby on rails[
___
intention to have it adopted there, there is no advantage
to taking it that way.
http://socket.hr/draft-dfranusic-elee-00.xml
This URL is really good enough for me.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Softw
ed to be easily extensible.
So, you'd create whatever blocks you needed.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works|IoT architect [
] m...@sandelman.ca http://www.sandelman.ca/|
..0i8i30j0i24j0i10i24.whbzqDKWRMA
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works| network architect [
] m...@sandelman.ca http://www.sandelman.ca/| ruby on rails
of thing.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works| network architect [
] m...@sandelman.ca http://www.sandelman.ca/| ruby on rails[
___
https://lwn.net/Articles/782785/rss
If tcpdump was to do this, what kind of things would you want to revise?
Man page, web site, pcap API documents, API walkthrough, tuning, how to
capture or analyze things...
___
ds, and
what they are used for?
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works|IoT architect [
] m...@sandelman.ca http://www.sandelman.ca/| r
mailman-boun...@lists.tcpdump.org wrote:
> PcapPlusPlus Support has been successfully
> subscribed to tcpdump-workers.
What an interesting email address :-)
___
I'll get you a DLT value by Friday!
___
the right flag to use.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works| network architect [
] m...@sandelman.ca http://www.sandelman.ca/| ruby
Steve Bourland wrote:
> Yes, things broke moving from 4.15.0-32 to 4.15.0-34, so it looks like
> the change came with the move from -32 to -33 (the original machines
> showing the problem have the -33 kernel installed).
> These kernels are what come with Ubuntu 18.04 from
specific
URL?
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works| network architect [
] m...@sandelman.ca http://www.sandelman.ca/| ruby
Francois-Xavier Le Bail wrote:
>> 2) For tests in TESTLIST, we could build and check the output with TZ=GMT0 (in TESTrun.sh and
>> update-test.sh).
>> Like that, we could run the tests without the '-t' option and get problems/changes in time printing
>> functions. Need an update
additional times from within the tickets or
something? If so, they should definitely be in UTC... whether we do that
with TZ=GMT0 or fix the printer, I'm not sure.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works
as our official mechanism now... i.e. have
travis, etc. use it in preference to configure.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works| network architect [
] m...@sandelman.ca http://
libdnet unknown version
> Compiled with AddressSanitizer/CLang.
> Need autoreconf.
> And 1.9.1 ?
Let's do 1.9.1 in September.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works| network architect [
is coming very soon, and a 4.10 as well.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works| network architect [
] m...@sandelman.ca http://www.sandelman.ca/| ruby on rails
secur...@tcpdump.org is not an appropriate place to ask about binaries.
Someone on tcpdump-workers might be able to help you.
https://www.androidtcpdump.com/ also is around.
I don't know who runs it.
I spent some time trying to integrate the Android (AOSP) build system
Makefiles into tcpdump,
Steve Bourland wrote:
> If you have the server's certificate, wireshark has the capability to
I think you mean the server's private key.
> decrypt SSL traffic captured with tcpdump, but you must have the
> certificate and the start of the tcp session.
TLS 1.3 will break that as it
/RESTRICTION_CLASS_README.html#internal][2]
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works| network architect [
] m...@sandelman.ca http://www.sandelman.ca/| ruby on rails
for any of the pushes I did.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works| network architect [
] m...@sandelman.ca http://www.sandelman.ca/| ruby on rails[
dlt.h and that new file from a third file (YAML
or JSON or CSV format...)
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works| network architect [
] m...@sandelman.ca http://www.sandelman.ca/| ruby
Michael Richardson wrote:
> Since we now support building on windows, should we attempt to get
> appveyor to do regular builds for windows?
I see the .appveyor.yml now.
I didn't see it in integrations, because it's transitioned to webhooks.
> Is there another choice? My e
Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works| network architect [
] m...@sandelman.ca http://www.sandelman.ca/| ruby on rails[
___
> greppable output being the purpose of the flag), which puts the IPv4
> input back on one line:
How can we move to this format?
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works| network ar
a makefile rule... part of make release or
something?
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works| network architect [
] m...@sandelman.ca http://www.sandelman.ca/|
it will be used. libz.so is probably pretty ubiquitous, so probably I'm
just grasping at straws, but already have a bunch of annoying dependencies
for libpcap...
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works| n
h just writing out data in gzip format from the outset.
I have some concern with introducing a new libz.so or something dependency to
libpcap. I wonder if a popen("|gzip >") will work?
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael
odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works| network architect [
] m...@sandelman.ca http://www.sandelman.ca/| ruby on rails[
___
! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works| network architect [
] m...@sandelman.ca http://www.sandelman.ca/| ruby on rails[
___
I would imagine either having two
packages, or can it be compiled with both APIs?
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works| network architect [
] m...@sandelman.ca http://www.sandelman.ca/
IETF96 is next week in Berlin.
(unicast me if you want to connect...)
As usual, the tcpdump releases tend to get done around an IETF meeting, but
my life has been too hectic of recent. There will be a release next week.
Probably Wednesday. Any show stoppers?
! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works| network architect [
] m...@sandelman.ca http://www.sandelman.ca/| ruby on rails[
___
o the kernel?
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works| network architect [
] m...@sandelman.ca http://www.sandelman.ca/| r
fic on outgoing, tcpdump captures before the
hardware queue. A big hardware send buffer would result in significant skew.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works| network architect [
] m...@san
Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works| network architect [
] m...@sandelman.ca http://www.sandelman.ca/| ruby on rails[
___
start controlling my lights,
turning the TV on and off and even making my curtains open and
close. What fun! "
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works| network architect
should see
the not-port-53 packets decoded.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works| network architect [
] m...@sandelman.ca http://www.sandelman.c
> Since this is [RFC] and - if I understand correctly - there are
> problems with the produced BPF code, maybe this should be
> discussed in the tcpdump-workers mailing-list?
Michal Sekletar wrote:
> Any particular reason why we shouldn't continue
nversion function that returns a bigger type.
A tested patch would be most appreciated...
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works| network architect [
] m...@sandelman.ca http://www.sandelma
> What are the pairs major / minor to authorize currently?
I think that as long as major <= PCAP_VERSION_MAJOR, we are good.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works| network architect [
]
t we should use flex, and >2.5.6?
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works| network architect [
] m...@sandelman.ca http://www.sandelman.ca/
e the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works| network architect [
] m...@sandelman.ca http://www.sandelman.ca/| ruby on rails[
___
http://lwn.net/Articles/656335/rss
___
?
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works| network architect [
] m...@sandelman.ca http://www.sandelman.ca/| ruby on rails[
___
re: https://github.com/the-tcpdump-group/tcpdump/pull/464
Guy writes:
We have the -C option, giving a file size in megabytes (real megabytes,
i.e. 1,000,000 bytes, not 1,048,576 bytes); once the file gets that big,
tcpdump switches to a new file.
This adds another file size option, with a
bpf.tcpdump.org will go down at about 2pm EDT for about an hour
so that I can transfer it to a more powerful virtual machine host.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works| network architect
Guy Harris g...@alum.mit.edu wrote:
I have no problem with having lts- branches created for distros, and I'd
rather do that than have old stable. I'd rather call them something
like:
wheezy-4.7
or centos7-4.7
So, if both Chocolate Coated Spinach Linux Orangina
we can abandon
them...
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works| network architect [
] m...@sandelman.ca http://www.sandelman.ca/| ruby on rails
Jesse Johnson jesse.alan.john...@gmail.com wrote:
Is there a list of things that need to be done ie: bug fixes, new
features, documentation, etc...?
1) Reading issues on github is important.
2) the priv separate work that brooksdavis is doing
great. Thank you for including sample packets!
Is this the kind of thing seen in home routers/SoC?
I'm just wondering where one has to dump to see traffic like this...
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works