Covers the classic tcpdump text-based network sniffer and its libpcap sniffer library component.
Latest Posts
Re: When was '-z' added to tcpdump?
kielaka (May 22)
Tcpdump version 4.1.1 manual :
-z Used in conjunction with the -C or -G options, this will make tcpdump run "command file" where file is the savefile being closed after each rotation. For example, specifying -z gzip or -z bzip2 will compress each savefile using gzip or bzip2.
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
Re: Support for SPB in tcpdump
Michael Richardson (May 22)
Ajith> I am working on adding support for Shortest Path Bridging
Ajith> (SPB) in tcpdump.
http://en.wikipedia.org/wiki/IEEE_802.1aq ?
Ajith> Is there anyone working on the same topic ?
Please include a pcap file and test case with your patch!
and, thank you!
When was '-z' added to tcpdump?
Osman Surkatty (May 21)
Hello there,
I would like to use the -z (*postrotate-command*) flag to easily gzip a
pcap after a file rotation but it appears my current version (tcpdump 3.9.4
/ libpcap 0.9.4) does not support this. I was wondering what version first
incorporated this flag? The official tcpdump changelog (
http://www.tcpdump.org/tcpdump-changes.txt) doesn't appear to have any note
on this feature's introduction either. I would gladly appreciate it if...
Support for SPB in tcpdump
Ajith Adapa (May 21)
Hi,
I am working on adding support for Shortest Path Bridging (SPB) in tcpdump.
Is there anyone working on the same topic ?
Regards,
Ajith
--------------------------------------------
codingfreak.in <http://www.codingfreak.in>
tcpdump mirror inquiry
Paul Stewart (May 20)
Hi there...
We operate a rather large mirroring system and would be happy to add a
mirror for tcpdump. We are well connected to be brief...
Please advise if interested.
Paul
Paul Stewart
Senior Network Architect
Nexicom
5 King St. E., Millbrook, ON, LOA 1GO
Phone: 705-932-4127
Web: http://www.nexicom.net <http://www.nexicom.net/>
Nexicom - Connected. Naturally.
Re: rpcap
Fulvio Risso (May 16)
I have to admit that I was pretty convinced to have used getaddrinfo() and such
at that time (in fact, at that time I was very confident that IPv6 should have
happened soon), but I trusted what Artur said in the email.
fulvio
Re: rpcap
Jakub Zawadzki (May 16)
Hi,
Nah, patch 3518553 [1] is mine :)
Your code seems to use getaddrinfo as suggested by Artur.
3518553 is less invasive and more compact reimplementation of winpcap's rpcap,
but it doesn't have all features which winpcap version has.
(I thought that less invasive version of rpcap could be finally merged to libpcap...)
Artur, you probably want to use original rpcap support from winpcap.
Either from winpcap sources [2] or from...
Re: rpcap
Fulvio Risso (May 15)
Just because the code was done in 2002 and probably at that time I used the old
socket style.
No reason why it shouldn't support IPv6 (except for the fact that you have to
devise another separator for the port number; ":" is no longer a valid symbol
for that).
However, not much time to upgrade the code to support IPv6 (from my part), though.
fulvio
Re: tcpdump --color ?
Michael Richardson (May 15)
Oh, and anyone doing --colour and to do what vim and Linux ls fail to
do:
you must set the foreground *AND* background colours
If you don't do that then you assume everyone has white xterms,
which isn't the case, and one gets things like dark blue letters
on a blue background...
Re: tcpdump --color ?
Michael Richardson (May 15)
Bass> Hi, I've been using tcpdump a lot more lately and staring at
Bass> long streams of packets and was wondering if the tcpdump devs
Bass> would be willing to add a "--color" option to colorize the
Bass> different major fields in the output.
Well, you'd have to spell it properly as: "--colour" :-)
Bass> For example, the timestamp could be one color, the protocol
Bass>...
rpcap
Artur (May 15)
Does the rpcap implementation support IPv6 addresses? The function
rpcap_send_request_start in patch rpcap2.patch (3518553 rpcap:// support) uses
only an IPv4-type address.
Why not use struct addrinfo hints and the function getaddrinfo to be able to use IPv4 and
IPv6?
tcpdump --color ?
Bass (May 15)
Hi,
I've been using tcpdump a lot more lately and staring at long streams of
packets and was wondering if the tcpdump devs would be willing to add a
"--color" option to colorize the different major fields in the output.
For example, the timestamp could be one color, the protocol could be a
different color, src & dst could be a different color, flags, tcp options,
etc.
It'd be especially cool and useful if the hex output...
Re: Multiple interface capture and thread safety
Rick Jones (May 11)
I don't think you will be able to arrive at that goal with perfect
accuracy. Can it be like the game of horseshoes and be "close enough?"
In addition to packets from even the same interface taking different
paths up the stack, there is also the matter of different interfaces
providing notification of packet arrival at the host at different times
- mechanisms like interrupt avoidance/coalescing mean that if Packet 1
arrived...
Re: Multiple interface capture and thread safety
Wiener Schnitzel (May 11)
At a certain point, I'd like to treat the packets as they came from a
single source.
I would be very interested in this kind of detail. Do you think it
is documented somewhere?
Also, does that mean that PCAP timestamps are normally reliable (if the
NIC cannot expose its own RX timestamp) ?
Nice suggestion.
I see. As I said, I might need to merge the data coming from the
interfaces, so I need an algorithm to compare
the age of...
Re: Multiple interface capture and thread safety status in libpcap
Guy Harris (May 11)
Are you processing packets from each interface independently, so that a packet on interface A is not looked at when
processing packets from interface B, or are you processing the packets from all of the interfaces as a single stream,
so that you need to see packets from multiple interfaces in order?
Even if you're sniffing on *one* interface, I think that, with at least some versions of the Linux kernel, "as it gets
to the...