Re: [tcpdump-workers] Patch to print out IP data in PPP HDLC packets

) {/* is this an escape code ? */ +ppp_hdlc(p-1, length); +return; +} + switch (proto) { case PPP_LCP: case PPP_IPCP: -- --- Stephen Donnelly BCMS PhD email: [EMAIL PROTECTED] Endace

Re: [tcpdump-workers] number of concurrent TCP sessions

because it makes your box vulnerable to SYN flood attacks. Regards Karoly Kiss - -- --- Stephen Donnelly BCMS PhD email: [EMAIL PROTECTED] Endace Technology Ltd phone: +64 7 839 0540 Hamilton, New

Re: [tcpdump-workers] PCAP Timestamp - HWClock or SWClock?

. For Ethernet this is generally the SFD byte. I'm happy to discuss specifics off-list if people are interested. Stephen. -- --- Stephen Donnelly BCMS PhD email: [EMAIL PROTECTED] Endace Technology Ltd phone

Re: [tcpdump-workers] problem with parsing Leipzig-I trace

/ to unsubscribe. -- --- Stephen Donnelly BCMS PhD email: [EMAIL PROTECTED] Endace Technology Ltd phone: +64 7 839 0540 Hamilton, New Zealand cell: +64 21 1104378

Re: [tcpdump-workers] user provided packet buffer

? It seems to me that requiring the user to do their own explicit copies when required is not unreasonable. Regards, Stephen. -- --- Stephen Donnelly BCMS PhD email: [EMAIL PROTECTED] Endace Technology Ltd

Re: [tcpdump-workers] Paquets smaller than 64 bytes

packets to get the sizes on wire? You can also add an unknown number of bytes of preamble (typ. 8), and 12 bytes of Inter-frame Gap if you like. Depends what you mean by 'On the wire'. Stephen. -- --- Stephen Donnelly BCMS PhD

Re: [tcpdump-workers] What is the main reason in absent append

. -- --- Stephen Donnelly BCMS PhD email: [EMAIL PROTECTED] Endace Technology Ltd phone: +64 7 839 0540 Hamilton, New Zealand cell: +64 21 1104378

Re: [tcpdump-workers] pcap file format documentation

the libpcap source)? Thanks, Don - This is the tcpdump-workers list. Visit https://lists.sandelman.ca/ to unsubscribe. -- --- Stephen Donnelly BCMS PhD email: [EMAIL PROTECTED] Endace Technology Ltd

Re: [tcpdump-workers] pcap file format documentation

with this since programs that are dependent on it (tcpdump, ethereal) hang when attempting to open any such file. Is this assumption incorrect? Thanks, Don On 3/19/06, Stephen Donnelly [EMAIL PROTECTED] wrote: It may be worth noting (AFAIK) the libpcap file format is intended to be opaque

Re: [tcpdump-workers] [RESEND][PATCH] enable sniff on USB ports

-- --- Stephen Donnelly BCMS PhD email: [EMAIL PROTECTED] Endace Technology Ltd phone: +64 7 839 0540 Hamilton, New Zealand cell: +64 21 1104378

Re: [tcpdump-workers] Request for a new DLT for MTP2 with FCS

as a special case I have no problem, and Endace can support both linktypes. Stephen. -- --- Stephen Donnelly BCMS PhD email: [EMAIL PROTECTED] Endace Technology Ltd phone: +64 7 839 0540 Hamilton

Re: [tcpdump-workers] Request for a new DLT for MTP2 with FCS

new linktypes, just for such purpose ? (I understood that the linktypes are coded on 4 bytes ) Regards Florent -- --- Stephen Donnelly BCMS PhD email: [EMAIL PROTECTED] Endace Technology Ltd

[tcpdump-workers] [PATCH] DAG card support update

. Regards, Stephen. -- --- Stephen Donnelly BCMS PhD email: [EMAIL PROTECTED] Endace Technology Ltd phone: +64 7 839 0540 Hamilton, New Zealand cell: +64 21 1104378

Re: [tcpdump-workers] Packet capture performance comparison of

of any recent independent test publications. Regards, Stephen. -- --- Stephen Donnelly BCMS PhD email: [EMAIL PROTECTED] Endace Technology Ltd phone: +64 7 839 0540 Hamilton, New Zealand

Re: [tcpdump-workers] Packet capture performance comparison of

On Thu, 2007-06-28 at 03:09 +, Jefferson Ogata wrote: Stephen Donnelly wrote: On Wed, 2007-06-27 at 22:00 +, Jefferson Ogata wrote: some packets to disk. Has anyone out there put together such a box and come up with some performance statistics? [snip] Endace also offers disk

[tcpdump-workers] DLT assignment request

there are already 19 ERF types defined and I feel this would unnecessarily consume/pollute the libpcap DLT namespace. Comments, questions, objections welcome. Regards, Stephen. -- --- Stephen Donnelly BCMS PhD email

Re: [tcpdump-workers] DLT assignment request

On Tue, 2007-08-07 at 16:55 -0700, Guy Harris wrote: On Jul 25, 2007, at 1:57 PM, Stephen Donnelly wrote: Florent Drouin from Alcatel-Lucent has been working on improving the ERF support in Wireshark. As part of this work we would like to request a new DLT (DLT_ERF) which would

Re: [tcpdump-workers] Endace DAG card

the statistics via the DAG configuration and status API from your own software. Regards, Stephen. -- --- Stephen Donnelly BCMS PhD email: [EMAIL PROTECTED] Endace Technology Ltd phone: +64 7 839 0540

[tcpdump-workers] [PATCH] dag updates

will also need to be regenerated using the preferred autoconf version. Stephen. -- --- Stephen Donnelly BCMS PhD email: [EMAIL PROTECTED] Endace Technology Ltd phone: +64 7 839 0540 Hamilton, New

Re: [tcpdump-workers] Creation of libpcap 1.0 and tcpdump

release!) A release candidate sounds like a good idea. Could easily give it a week or two to settle before finalising it. Stephen -- --- Stephen Donnelly BCMS PhD email: [EMAIL PROTECTED] Endace Technology Ltd

Re: [tcpdump-workers] tcpdump problem with DAG card

. -- --- Stephen Donnelly BCMS PhD email: [EMAIL PROTECTED] Endace Technology Ltd phone: +64 7 839 0540 Hamilton, New Zealand cell: +64 21 1104378 --- - This is the tcpdump

Re: [tcpdump-workers] tcpdump problem with DAG card

On Thu, 2008-01-10 at 14:53 +1300, Stephen Donnelly wrote: On Wed, 2008-01-09 at 17:25 -0800, Guy Harris wrote: On Jan 9, 2008, at 3:37 PM, lei wei wrote: I'm actually trying to get Argus working with DAG but argus still can't read anything from it. From a quick look

[tcpdump-workers] tcpdump display/decode bug?

. -- --- Stephen Donnelly BCMS PhD email: [EMAIL PROTECTED] Endace Technology Ltd phone: +64 7 839 0540 Hamilton, New Zealand cell: +64 21 1104378

Re: [tcpdump-workers] tcpdump display/decode bug?

On Wed, 2008-07-30 at 20:07 -0700, Guy Harris wrote: On Jul 30, 2008, at 2:12 PM, Stephen Donnelly wrote: I recently came across some packets which tcpdump appears to display incorrectly. Is tcpdump incorrectly invoking some heuristic dissector, or is there another reason? I guess

Re: [tcpdump-workers] does port 25 work?

. # tcpdump --version tcpdump version 3.9.8 libpcap version 0.9.8 Stephen -- --- Stephen Donnelly BCMS PhD email: [EMAIL PROTECTED] Endace Technology Ltd phone: +64 7 839 0540 Hamilton, New

Re: [tcpdump-workers] does port 25 work?

. -- --- Stephen Donnelly BCMS PhD email: [EMAIL PROTECTED] Endace Technology Ltd phone: +64 7 839 0540 Hamilton, New Zealand cell: +64 21 1104378

Re: [tcpdump-workers] tcpdump and wireshark

. Visit https://cod.sandelman.ca/ to unsubscribe. -- --- Stephen Donnelly BCMS PhD email: [EMAIL PROTECTED] Endace Technology Ltd phone: +64 7 839 0540 Hamilton, New Zealand cell: +64

Re: [tcpdump-workers] TCPDUMP 4.0.1rc1 and LIBPCAP 1.0.1rc1

. -- --- Stephen Donnelly BCMS PhD email: s...@endace.com Endace Technology Ltd phone: +64 7 839 0540 Hamilton, New Zealand cell: +64 21 1104378 --- - This is the tcpdump-workers list

Re: [tcpdump-workers] Hardware timestamp ?

' of network traffic. The inter-packet timing is preserved and regenerated with high accuracy, typically orders of magnitude better than software-only approaches. Regards, Stephen -- --- Stephen Donnelly BCMS PhD email: s

[tcpdump-workers] Pull request

git://github.com/sfd/libpcap.git Updating Endace DAG ERF support. -- --- Stephen Donnelly BCMS PhD email: s...@endace.com Endace Technology Ltd phone: +64 7 839 0540 Hamilton, New Zealand

Re: [tcpdump-workers] ATM raw format data-link level type code in

would be useful. Stephen. -- --- Stephen Donnelly BCMS PhD email: s...@endace.com Endace Technology Ltd phone: +64 7 839 0540 Hamilton, New Zealand cell: +64 21 1104378

Re: [tcpdump-workers] Memory leak in libpcap (top of tree) and/or

() and dag_detach_stream() to handle mapping/unmapping. Stephen. -- --- Stephen Donnelly BCMS PhD email: s...@endace.com Endace Technology Ltd phone: +64 7 839 0540 Hamilton, New Zealand cell

Re: [PATCH] Re: [tcpdump-workers] Bug: Counting dropped packets in

. Regards, Stephen -- --- Stephen Donnelly BCMS PhD email: s...@endace.com Endace Technology Ltd phone: +64 7 839 0540 Hamilton, New Zealand cell: +64 21 1104378

[tcpdump-workers] Pull request for DAG updates

I have submitted a pull request to mcr's github tree. https://github.com/mcr/libpcap/pull/1 There are 2 changes. The dag_platform_finddevs() function is updated to improve the search space and efficiency. Secondly the build process moves to 'pcap-config' for external library dependencies

Re: [tcpdump-workers] pcap anonymizer

On 29/04/11 19:12, Guy Harris wrote: On Apr 28, 2011, at 3:31 PM, Michael Richardson wrote: Unless someone says that there is something else out there, I'm going to write an (IPv4) pcap file anonymizer. I won't make the first version efficient. The Internet Traffic Archive has some

Re: [tcpdump-workers] [Wireshark-dev] Multiple interface capture device support in

On 06/06/12 22:03, Guy Harris wrote: On Jun 5, 2012, at 8:04 PM, Stephen Donnelly wrote: I've posted an 'experimental' patch/hack to dumpcap in Bug #7300. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7300 The dumpcap implementation assumes that there is a one-to-one mapping between

[tcpdump-workers] pcap FCS length and LT_FCS_DATALINK_EXT()

Hi Guy, In 2007 in libpcap afbb1ce7 you committed some code (possibly from Florent Drouin) adding the LT_FCS_DATALINK_EXT mechanism to record whether the capture includes information about captured FCS length, and if so what length it is. I believe that currently only the DAG capture code

[tcpdump-workers] Fix DAG Stream support in dag_create()

It appears that when Have non-interface modules take responsibility for identifying their devices 2426611 https://github.com/the-tcpdump-group/libpcap/commit/2426611584e9099af5f98d18ef37337df9bef025 was committed, the heuristic for DAG device names was insufficient.

[tcpdump-workers] Pending pull request #378

Hi, I have had a pull request in the queue on github since August: https://github.com/the-tcpdump-group/libpcap/pull/378 This does include some ideally separate things, a bug fix, and some improvements. Is there anything blocking this pull request? Is more information required, or should I

[tcpdump-workers] 1.9.0 release progress

Hi, I see 1.9.0 is up to rc2 as of 25th June, how is it going? Is there anything we can do to assist? This fixes a serious bug in 1.8.1 for us, so keen to see a new release! Regards, Stephen ___ tcpdump-workers mailing list