Thanks, I will give this a try. -----Original Message----- From: Vadim Kochan [mailto:vadi...@gmail.com] Sent: Saturday, October 17, 2015 5:08 AM To: Geoff Ladwig Cc: 'vkochan'; netsniff-ng@googlegroups.com Subject: Re: [netsniff-ng] netlink
On Thu, Oct 15, 2015 at 07:19:37PM +0300, Vadim Kochan wrote: > On Thu, Oct 15, 2015 at 10:14:09AM -0400, Geoff Ladwig wrote: > > Vadim, > > > > Thanks for responding. > > > > I have never found much use for the ASCII output... but would be > > happy either way. > > > > Possibly a --headers options so you can individually select > > --header, --hex --ascii..? > > > > > > > > I did not necessarily think this would be a new feature.. it seemed > > to work this way be default in an older version (0.5.7) > > > > Running on a different machine with the older version below, you can > > see the header, asiii and hex all presented. This has no command > > line options. I'm guessing the display function shows things it has > > decoded and then shows the rest (the packet data in this case) in hex. > > > > The net link version seems to skip the last step - where it displays > > in hex the parts of the packet it hasn't decoded? > > > > Regards, > > > > Geoff > > > > > > > > > > > > > > > > -----Original Message----- > > From: vkochan [mailto:vadi...@gmail.com] > > Sent: Thursday, October 15, 2015 9:34 AM > > To: Geoff Ladwig > > Cc: netsniff-ng@googlegroups.com > > Subject: Re: [netsniff-ng] netlink > > > > > > > > On Thu, Oct 15, 2015 at 09:16:35AM -0400, Geoff Ladwig wrote: > > > > > This is using the NETLINK_FIB_LOOKUP family (slightly extended data). > > > > > > > > > > Below is a run without -hex and one with -hex. > > > > > > > > > > I don't expect this obscure netlink capabily is fully decoded.. > > > but > > > > > the headers are handy to locate the packets. > > > > > > > > > > In a previous version (that displayed these as Ethernet packets - > > > so I > > > > > had to pick the netlink header out of the > > > > > > > > > > Ethernet src/dst) I could see both the "decoded" header and the > > > data as > > hex. > > > > > With this version, it seems to > > > > > > > > > > be one or the other. > > > > > > > > > > Thanks again > > > > > > > > > > > > > > > > > > > > nlsniff-ng -dev nlmon0 > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Nlsniff-ng -dev nlmon0 --hex > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -----Original Message----- > > > > > From: vkochan [ <mailto:vadi...@gmail.com> > > > mailto:vadi...@gmail.com] > > > > > Sent: Thursday, October 15, 2015 3:28 AM > > > > > To: Geoff Ladwig > > > > > Cc: <mailto:netsniff-ng@googlegroups.com> > > > netsniff-ng@googlegroups.com > > > > > Subject: Re: [netsniff-ng] netlink > > > > > > > > > > > > > > > > > > > > On Wed, Oct 14, 2015 at 09:17:15PM -0400, Geoff Ladwig wrote: > > > > > > > > > > > Hi, > > > > > > > > > > > > > > > > > > > > > > I downloaded, built the latest git master. > > > > > > > > > > > > > > > > > > > > > > I can now decode netlink message (great!) but only get the header. > > > > > > > > > > > > > > > > > > > > > > I imagine this is because not all messages are fully decoded. Is > > > > it > > > > > > > > > > > possible to get both the decoded header and the hex version > > > > > simultaneously? > > > > > > > > > > > > > > > > > > > > > > If I add -hex, it then doesn't print the header. > > > > > > > > > > > > > > > > > > > > > > Thanks, > > > > > > > > > > > Geoff > > > > > > > > > > > > > > > > > > > > > > -- > > > > > > > > > > > You received this message because you are subscribed to the > > > > Google > > > > > > Groups > > > > > "netsniff-ng" group. > > > > > > > > > > > To unsubscribe from this group and stop receiving emails from > > > > it, > > > > > > send an > > > > > email to < <mailto:netsniff-ng+unsubscr...@googlegroups.com> > > mailto:netsniff-ng+unsubscr...@googlegroups.com> > > > > > <mailto:netsniff-ng+unsubscr...@googlegroups.com> > > netsniff-ng+unsubscr...@googlegroups.com. > > > > > > > > > > > For more options, visit < <https://groups.google.com/d/optout> > > https://groups.google.com/d/optout> > > > > > <https://groups.google.com/d/optout> https://groups.google.com/d/optout. > > > > > > > > > > > > > > > > > > > > Hi Geoff, > > > > > > > > > > > > > > > > > > > > What kind of netlink messages do you try to dump ? Would you > > > please > > > > > provide some output of netsniff-ng ? > > > > > > > > > > > > > > > > > > > > Regards, > > > > > > > > > > Vadim Kochan > > > > > > > > > > > > > > > > > So seems we need to add new option for human + hex mode ? Is it ok > > if to use combination --ascii & --hex ? > > > > If not then it needs to choose good short & long option names. > > > > > > > > Regards, > > > > Vadim Kochan > > > > So it seems like a bug ?! I will look on it closer ... > > Regards, > Vadim Kochan OK you can get changes from: https://github.com/vkochan/netsniff-ng/tree/netsniff_print_headers I added -z,--headers option, you can find it in usage output. This option allows the following combinations: --headers --hex --headers --ascii --headers --hex --ascii Regards, Vadim Kochan -- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.