Home page logo
/
tcpdump Mailing List

Covers the classic tcpdump text-based network sniffer and its libpcap sniffer library component.

List Archives

Jan–MarApr–JunJul–SepOct–Dec
201413351
201312715755107
20121768453144
2011177235187215
201021713185141
2009220182186145
2008233140139269
2007154118251226
200620014871162
2004392374377208
2003315283259304
2002319

Latest Posts

Re: New LINKTYPE_ for EPON Guy Harris (Apr 24)
Given that the downstream encryption mechanisms are different for 1G and 10G, and given that the sniffing hardware
presumably knows whether it's sniffing 1G or 10G, I'd vote for LINKTYPE_EPON_1G and LINKTYPE_EPON_10G, with the
differences being in the parsing of the octet in question and in the decryption of downstream traffic if the program
reading the file supports that.

Re: New LINKTYPE_ for EPON Guy Harris (Apr 24)
You could show that octet as a preamble octet *and* show the 0x02 bit, so it'll be reported as being off.

Re: Coverity Scan: the-tcpdump-group/libpcap success Michael Richardson (Apr 24)
Francois-Xavier Le Bail <fx.lebail () yahoo com> wrote:
>> scan-admin () coverity com wrote:
>>     > Your request for analysis of the-tcpdump-group/libpcap has been
>>     > completed.  The results    > should be available now at
>>     > http://scan.coverity.com/
>>
>> wow, that's a stupidly useless message.
>>
>> The URL isn't...

Re: New LINKTYPE_ for EPON Philip Rosenberg-Watt (Apr 24)
I thought about that solution, and it's probably the best. The only thing
you lose is the positive confirmation that the information is *not*
encrypted, but if the ethernet dissector works on it, that's probably
confirmation enough, right? :)

I'll get to updating the code today and posting a new patch set.

Re: New LINKTYPE_ for EPON Guy Harris (Apr 24)
Or, as per 6.2 "10G Zero-Overhead Cipher Suite (10Down, 10Bi)" (hey, I'll take 10Gb to the home, or even the
neighborhood!):

if that octet has the value 01010101, show it as a preamble octet, and treat the frame as not encrypted;

if that octet has the value XXXXXX00, where XXXXXX is not 010101, report it as an error, as encryption is
disabled but the security octet is *not* 0x55;

if that octet has the...

Re: New LINKTYPE_ for EPON Guy Harris (Apr 24)
According to

http://www.cablelabs.com/wp-content/uploads/specdocs/DPoE-SP-SECv2.0-I03-140327.pdf

(BTW, 5 googolplex cheers to CableLabs for not putting their specifications behind a @#$%@@$$# paywall!), the octet
before the LLID will always have the bit value 010101EK, where E is the "Enc", or "data transferred is cypher text"
bit, and "K" is the "key identification number used to encrypt the...

Re: Coverity Scan: the-tcpdump-group/libpcap success Michael Richardson (Apr 24)
scan-admin () coverity com wrote:
> Your request for analysis of the-tcpdump-group/libpcap has been
> completed. The results > should be available now at
> http://scan.coverity.com/

wow, that's a stupidly useless message.

The URL isn't even specific to the project or the run, and it makes me return
to a web site. I guess I'll turn them off.

Re: New LINKTYPE_ for EPON Michael Richardson (Apr 24)
Guy Harris <guy () alum mit edu> wrote:
>> I sent this to the list -- twice -- but it never showed up, so I'll just
>> resend it to you. I don't know what's going on.

> Moderation? Michael?

Nothing in the local queue.
Nothing in spam trap. That suggests that your email failed SPF or something
that caused it to never get to lists.tcpdump.org. Send mail logs please...

>> I only put in...

Coverity Scan: the-tcpdump-group/tcpdump success scan-admin (Apr 24)
Your request for analysis of the-tcpdump-group/tcpdump has been completed. The results
should be available now at http://scan.coverity.com/

Please report any errors to scan-admin () coverity com

Coverity Scan: the-tcpdump-group/libpcap success scan-admin (Apr 24)
Your request for analysis of the-tcpdump-group/libpcap has been completed. The results
should be available now at http://scan.coverity.com/

Please report any errors to scan-admin () coverity com

Coverity Scan: the-tcpdump-group/tcpdump success scan-admin (Apr 24)
Your request for analysis of the-tcpdump-group/tcpdump has been completed. The results
should be available now at http://scan.coverity.com/

Please report any errors to scan-admin () coverity com

Coverity Scan: the-tcpdump-group/tcpdump success scan-admin (Apr 24)
Your request for analysis of the-tcpdump-group/tcpdump has been completed. The results
should be available now at http://scan.coverity.com/

Please report any errors to scan-admin () coverity com

Coverity Scan: the-tcpdump-group/libpcap success scan-admin (Apr 24)
Your request for analysis of the-tcpdump-group/libpcap has been completed. The results
should be available now at http://scan.coverity.com/

Please report any errors to scan-admin () coverity com

Coverity Scan: the-tcpdump-group/tcpdump success scan-admin (Apr 24)
Your request for analysis of the-tcpdump-group/tcpdump has been completed. The results
should be available now at http://scan.coverity.com/

Please report any errors to scan-admin () coverity com

Coverity Scan: the-tcpdump-group/libpcap success scan-admin (Apr 24)
Your request for analysis of the-tcpdump-group/libpcap has been completed. The results
should be available now at http://scan.coverity.com/

Please report any errors to scan-admin () coverity com

More Lists

Dozens of other network security lists are archived at SecLists.Org.


[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]