Hi Jean-Louis, I'm currently using the patched version of tcpdump/libpcap to capture traffic, and Wireshark to dissect/view it. I do intend to do capturing with Wireshark though, when I've got round to recompiling it against the new libpcap. Thanks.
On Thu, Oct 30, 2008 at 6:18 PM, Jean-Louis <[EMAIL PROTECTED]> wrote:

> Jean-Louis wrote:
>
>> Tyson Key wrote:
>>
>>> Hi Jean-Louis, just applied the patches and it compiles and installs
>>> successfully.
>>> Still looks like certain packets are being truncated (mostly
>>> URB_ISOCHRONOUS ones from what I can tell).
>>> Thanks.
>>>
>> Now the mmap mode also has a snaplen limitation...
>>
>> Try to capture traffic with the -s 0 tcpdump option,
>>
>> i.e. tcpdump -i2 -w file.pcap -s 0
>>
>> If you want to make the maximum the default, look at the #define of
>> DEFAULT_SNAPLEN in tcpdump/interface.h and tcpdump/netdissect.h
>>
>> I found this with
>>
>> find -name "*.[ch]" | xargs grep "DEFAULT_SNAPLEN"
>>
>
> Only one question: what are you using to dissect packets?
>
> If the answer is Wireshark, in the dissector for USB raw traffic there is
> some workaround and misunderstanding of the USB specification... I don't know
> if the "truncated packet" reported in Wireshark is reliable. If I have free
> time this week, I will try to fix this dissector.
>
> -
> This is the tcpdump-workers list.
> Visit https://cod.sandelman.ca/ to unsubscribe.
>

--
Fight Internet Censorship! http://www.eff.org
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Open-Source Community, and Technology Testbed: http://www.house404.co.uk/
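An added example, not part of the thread or of tcpdump/libpcap: whether packets were cut by the snaplen at capture time can be checked independently of any dissector by comparing each record's captured length with its on-the-wire length in the pcap file itself. The helper names, the constructed sample capture, the snaplen of 96 and linktype 189 (USB on Linux) are assumptions made for illustration.

```python
import io
import struct

# Classic pcap magic (microsecond timestamps), as stored little- or big-endian.
PCAP_MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}

def find_truncated(stream):
    """Return (snaplen, linktype, [(index, caplen, wirelen), ...]) for clipped records."""
    header = stream.read(24)
    if len(header) < 24 or header[:4] not in PCAP_MAGICS:
        raise ValueError("not a classic pcap file")
    endian = PCAP_MAGICS[header[:4]]
    # Global header after the magic: version, thiszone, sigfigs, snaplen, linktype.
    _maj, _min, _zone, _sig, snaplen, linktype = struct.unpack(endian + "HHiIII", header[4:])
    truncated = []
    index = 0
    while True:
        rec = stream.read(16)
        if not rec:
            break
        if len(rec) < 16:
            raise ValueError("file ends inside a record header")
        # Record header: ts_sec, ts_usec, bytes saved in file, bytes seen on the wire.
        _sec, _usec, caplen, wirelen = struct.unpack(endian + "IIII", rec)
        if len(stream.read(caplen)) < caplen:
            raise ValueError("file ends inside packet %d" % index)
        if caplen < wirelen:  # capture-time truncation, whatever the dissector says
            truncated.append((index, caplen, wirelen))
        index += 1
    return snaplen, linktype, truncated

def build_sample(snaplen, wire_lengths, linktype=189):
    """Constructed capture: zero-filled packets clipped to snaplen, as a capture would be."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, linktype)
    for i, wirelen in enumerate(wire_lengths):
        caplen = min(wirelen, snaplen)
        out += struct.pack("<IIII", i, 0, caplen, wirelen) + bytes(caplen)
    return out

if __name__ == "__main__":
    # Constructed sample: one large transfer between two small ones.
    sample = build_sample(96, [64, 3136, 72])
    snaplen, linktype, cut = find_truncated(io.BytesIO(sample))
    print("snaplen=%d linktype=%d" % (snaplen, linktype))
    for index, caplen, wirelen in cut:
        print("packet %d: captured %d of %d bytes" % (index, caplen, wirelen))
```

If this reports no clipped records for a file that a dissector still marks as truncated, the capture is complete and the dissector's length handling is the place to look.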