Re: [tcpdump-workers] problem with parsing Leipzig-I trace

Sun, 10 Jul 2005 14:30:02 -0700

From the web pages you mentioned, the Leipzig-I trace page says that it was taken from a Packet over SONET link. Did you try the "dagbpf -p" flag for PoS? 

Regards,
Stephen.

Zhen Wu wrote:

Hello, everyone:
I am using dagtools and tcpdump to parse the Leipzig-I trace. The output is NOT what I expected. Using the same command, I can successfully parse the Auckland-IV trace. 

Anyone can help me??? Thanks a lot!

Zhen
output from parsing Leipzig-I trace, from "http://pma.nlanr.net/Special/leip1.html"; 
--------------------------
$ zcat 20021125-140000-0.gz | /usr/local/dagtools-0.8.1/pcap/dagbpf -v | /usr/local/sbin/tcpdump -n -tt -r -| more 
dagbpf: verbose: header
dagbpf: verbose: sloop
reading from file -, link-type ATM_RFC1483 (RFC 1483 IP-over-ATM)
1038229200.000249 sap 02 > sap 0a 83/P
1038229200.000275 sap 00 > sap 0a rnr (r=59,F)
1038229200.000312 sap 02 > sap 0a 83/P
1038229200.000385 sap 02 > sap 0a 83/P
output from parsing Auckland-IV trace, from "http://pma.nlanr.net/Traces/long/auck4.html"; 
----------------------
$ zcat 20010309-020000-0.gz | /usr/local/dagtools-0.8.1/pcap/dagbpf -v | /usr/local/sbin/tcpdump -n -tt -r - | more 
dagbpf: verbose: header
dagbpf: verbose: sloop
reading from file -, link-type ATM_RFC1483 (RFC 1483 IP-over-ATM)
984056400.009423 IP 10.0.45.255.80 > 10.0.0.53.4608: . ack 397996760 win 8760 984056400.012529 IP 10.0.45.255.80 > 10.0.0.53.4608: P 0:159(159) ack 1 win 8760 984056400.012546 IP 10.0.45.255.80 > 10.0.0.53.4608: F 159:159(0) ack 1 win 8760 984056400.013616 IP 10.2.179.148.2875 > 10.0.1.19.80: . ack 584221866 win 31856 <[|tcp]> 

The version of my tcpdump
------------------
tcpdump version current-cvs.tcpdump.org.2004.06.20
libpcap version 0.7

-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.



--
-----------------------------------------------------------------------
    Stephen Donnelly BCMS PhD           email: [EMAIL PROTECTED]
    Endace Technology Ltd               phone: +64 7 839 0540
    Hamilton, New Zealand               cell:  +64 21 1104378
-----------------------------------------------------------------------
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.

Reply via email to