tcpdump Mailing List

Covers the classic tcpdump text-based network sniffer and its libpcap sniffer library component.

List Archives

Jan–Mar  Apr–Jun  Jul–Sep  Oct–Dec
201312788
20121768453144
2011177235187215
201021713185141
2009220182186145
2008233140139269
2007154118251226
200620014871162
2004392374377208
2003315283259304
2002319

Latest Posts

Re: Request for new DLT Pascal Quantin (May 19)
Hi Michael,

2013/5/18 Michael Richardson <mcr () sandelman ca>

Anders can describe it better than me, but the format intends to be
versatile. It allows you to export any higher level PDUs in a pcap file
while maintaining some basic information about the lower layers (like the
transport one). The current code sample in Wireshark is for SIP protocol,
but could be extended to any protocol if there is a need. With a DLT
allocated, it would...

Re: using tcpdump Mahmood Naderan (May 19)
Problem is, syslog (and kernel in general) doesn't record such things *at all*

 
Regards,
Mahmood

________________________________
From: Mark W. Jeanmougin <markjx () gmail com>
To: Mahmood Naderan <nt_mahmood () yahoo com>
Cc: "tcpdump-workers () lists tcpdump org" <tcpdump-workers () lists tcpdump org>
Sent: Sunday, May 19, 2013 1:09 AM
Subject: Re: [tcpdump-workers] using tcpdump

For an issue like this,...

Re: capturing only timestamp excluding other information Guy Harris (May 18)
No, there isn't.

However, if you capture with as low a snapshot length as possible (try 1 as a value; the OS or libpcap might raise it
to a larger minimum value), that will minimize the amount of extra data you're capturing. If you only want the
timestamp from the pcap file, you can just extract that and ignore the packet data.

Re: Request for new DLT Michael Richardson (May 18)
Pascal> Anders Broman, Wireshark core developer, is currently designing an export
Pascal> functionality for PDUs and would need a DLT allocated for this new
Pascal> functionality.
Pascal> You will find below the email he tried to send to this mailing list a few
Pascal> days ago and that got bounced. I hope mine will go through
Pascal> :)

sorry.

Anders> I would need a DLT for a wrapper around...

Re: Request for new DLT Anders Broman (May 18)
Hi,
I would need a DLT for a wrapper around higher level PDU's or per-packet DLT:s the format is multipurpose and consists
of a number of TLV:s preceding the actual PDU.
There are TLV:s which describe which protocol the PDU is and meta data such as IP address and port (if the transport
protocol(s) are stripped off).

The format can be used by logging functions in various nodes, say after deserialization (SS7 over TDM)...

Request for new DLT Anders Broman (May 18)
Hi,
I would need a DLT for a wrapper around higher level PDU's or per-packet DLT:s the format is multipurpose and consists
of a number of TLV:s preceding the actual PDU.
There are TLV:s which describe which protocol the PDU is and meta data such as IP address and port (if the transport
protocol(s) are stripped off).

The format can be used by logging functions in various nodes, say after deserialization (SS7 over TDM)...

Request for DLT Anders Broman (May 18)
Hi,
I would need a DLT for a wrapper around higher level PDU's or per-packet DLT:s the format is multipurpose and consists
of a number of TLV:s preceding the actual PDU.
There are TLV:s which describe which protocol the PDU is and meta data such as IP address and port (if the transport
protocol(s) are stripped off).

The format can be used by logging functions in various nodes, say after deserialization (SS7 over TDM)...

Request for new pcap/pcapng DLT Format chris_bontje (May 18)
Hi, I would like to request a custom DLT type for the Schweitzer
Engineering Laboratories "RTAC" product. Information on the
product/purpose of the DLT is included below:

The RTAC product family (SEL-3530, SEL-2241, SEL-3505) is a Linux-based
Automation Controller product that is capable of interfacing with SEL and
3rd-party equipment using a variety of standard industrial protocols such
as SEL FM, DNP3, Modbus, C37.118, Telegyr...

capturing only timestamp excluding other information achyut baruah (May 18)
Sir, I have been using Tcpdump. Extracting timestamp from a pcap file is
quite easy. Is there any way to capture only the timestamp excluding other
info using Tcpdump while capturing packets?

pcap FCS length and LT_FCS_DATALINK_EXT() Stephen Donnelly (May 18)
Hi Guy,

In 2007 in libpcap afbb1ce7 you committed some code (possibly from Florent Drouin) adding the LT_FCS_DATALINK_EXT
mechanism to record whether the capture includes information about captured FCS length, and if so what length it is.

I believe that currently only the DAG capture code supports this, and as implemented the LT_FCS_LENGTH is in units of
16-bits, e.g. 16-bit FCS returns 1, and 32-bit FCS returns 2?

I don't think...

Request for new DLT Pascal Quantin (May 18)
Hi all,

Anders Broman, Wireshark core developer, is currently designing an export
functionality for PDUs and would need a DLT allocated for this new
functionality.
You will find below the email he tried to send to this mailing list a few
days ago and that got bounced. I hope mine will go through :)

Best regards,
Pascal.

-----Original Message-----
From: Anders Broman
Sent: den 16 maj 2013 16:04
To: 'tcpdump-workers () lists tcpdump...

Re: using tcpdump Mahmood Naderan (May 18)
 
In case of ip conflict, is there any special message/packet which can be extracted from tcpdump?

Regards,
Mahmood

________________________________
From: Michael Richardson <mcr () sandelman ca>
To: Mahmood Naderan <nt_mahmood () yahoo com>
Cc: "tcpdump-workers () lists tcpdump org" <tcpdump-workers () lists tcpdump org>
Sent: Thursday, May 16, 2013 6:26 PM
Subject: Re: [tcpdump-workers] using tcpdump

   ...

DLT for Bluetooth Low Energy dragorn (May 16)
The list seems to be rejecting some posts, I just unsubbed/resubbed
myself in the hopes that it wakes up and lets me post this time; it
also bounced Mike Ryan's post and he asked me to send it along.

----- Forwarded message from Mike Ryan <mikeryan () isecpartners com> -----

Date: Mon, 29 Apr 2013 13:09:32 -0700
From: Mike Ryan <mikeryan () isecpartners com>
To: dragorn () kismetwireless net
Subject: request: DLT for Bluetooth Low...

Re: using tcpdump Michael Richardson (May 16)
Mahmood> I am using Scientific Linux 6.3 with kernel
Mahmood> 2.6.32-279.5.1.el6.x86_64. The chassis, say 'A', has 3
Mahmood> network interfaces. Eth1 has valid IP and is connected to
Mahmood> internet and eth2 has invalid IP and is connected to
Mahmood> another local switch.

Mahmood> Problem is that the internet is randomly disconnected on
Mahmood> eth1 so the computer is unreachable...

using tcpdump Mahmood Naderan (May 16)
Hello all users
I am using Scientific Linux 6.3 with kernel 2.6.32-279.5.1.el6.x86_64. The chassis, say 'A', has 3 network interfaces.
Eth1 has valid IP and is connected to internet and eth2 has invalid IP and is connected to another local switch.

Problem is that the internet is randomly disconnected on eth1 so the computer is unreachable through ping command. At
the same time, there is another chassis, say 'B', which has...
