tcpdump mailing list archives

Re: tcpdump and pcapng with comments


From: Mahesh V <maheshvenkateshwaran () gmail com>
Date: Sun, 6 Apr 2025 15:05:12 +0530

Just to clarify, I am building libpcap (where I have added the code).
tcpdump compilation is fine but obviously gives a symbol error because
libpcap is not yet built.
Thanks


On Sun, Apr 6, 2025 at 2:41 PM Mahesh V <maheshvenkateshwaran () gmail com>
wrote:

Hi Folks

I added some code (modified) tcpdump to write the pcapng file.
While configuring/compiling the source code I get this error.
This is a cross compilation for the ARM platform.

configure: error: *flex is insufficient to compile libpcap.*
 libpcap requires Flex 2.5.31 or later, or a compatible version of lex.

# flex -V
flex 2.5.37
The same error is true for bison/m4. (I am not sure what that tool is for.)

Any help in this regard?


On Sat, Apr 5, 2025 at 12:27 AM Guy Harris <gharris () sonic net> wrote:

On Apr 4, 2025, at 11:29 AM, Michael Richardson <mcr () sandelman ca> wrote:

I can't recall if we can read pcapng.

libpcap - and thus programs, such as tcpdump, that use libpcap to read
capture files - can read some pcapng files, as long as the current libpcap
API can handle them.  That's been the case since libpcap 1.1.

However, "as long as the current libpcap API can handle them" means that:

        1) all of the sections of the pcapng file must have the same byte
order, as the current API reports a single byte order for the entire file;

        2) all interfaces in all sections of the pcapng file must have
the same link-layer header type and snapshot length, as the current API
reports a single link-layer header type and snapshot length for the entire
file;

        3) block types other than packet blocks can't be reported to the
caller;

        4) options such as comments can't be reported to the caller.
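
An added example, not part of the thread and not libpcap code: a small Python walker over a pcapng byte string that collects the properties the four points above depend on (section byte orders, per-interface link type and snapshot length, blocks other than section header, interface description and packet blocks, and comment options). The names `survey`, `options`, `block` and `sample` are hypothetical, and the input is a constructed sample.

```python
import struct

SHB, IDB, PB, SPB, EPB = 0x0A0D0D0A, 1, 2, 3, 6   # pcapng block type codes
OPT_COMMENT = 1                                    # opt_comment (0 = opt_endofopt)

def options(buf, e):
    """Yield (code, value) for each option in a block's options area."""
    off = 0
    while off + 4 <= len(buf):
        code, length = struct.unpack_from(e + "HH", buf, off)
        if code == 0:
            return
        yield code, buf[off + 4:off + 4 + length]
        off += 4 + (length + 3) // 4 * 4           # values are padded to 32 bits

def survey(data):   # gathers what points 1-4 in the message depend on
    orders, ifaces, other, comments = set(), set(), [], []
    off, e = 0, "<"
    while off + 12 <= len(data):
        if data[off:off + 4] == b"\x0a\x0d\x0d\x0a":   # SHB: its magic sets byte order
            e = {b"\x4d\x3c\x2b\x1a": "<", b"\x1a\x2b\x3c\x4d": ">"}[data[off + 8:off + 12]]
            orders.add(e)                              # KeyError above if magic is invalid
        btype, total = struct.unpack_from(e + "II", data, off)
        if total < 12 or total % 4 or off + total > len(data):
            raise ValueError("bad block length at offset %d" % off)
        body, opts = data[off + 8:off + total - 4], b""
        if btype == SHB:
            opts = body[16:]                       # after magic, version, section length
        elif btype == IDB:
            ifaces.add(struct.unpack_from(e + "HxxI", body))   # (linktype, snaplen)
            opts = body[8:]
        elif btype == EPB:
            caplen = struct.unpack_from(e + "I", body, 12)[0]
            opts = body[20 + (caplen + 3) // 4 * 4:]           # skip padded packet data
        elif btype not in (PB, SPB):
            other.append(btype)                    # e.g. name resolution, statistics
        comments += [v.decode("utf-8", "replace") for c, v in options(opts, e) if c == OPT_COMMENT]
        off += total
    return {"byte_orders": len(orders), "link_snap": sorted(ifaces), "other": other, "comments": comments}

def block(e, btype, body):   # builder used only for the constructed sample
    n = struct.pack(e + "I", len(body) + 12)
    return struct.pack(e + "I", btype) + n + body + n

def sample(e="<"):   # constructed input: SHB, IDB with a comment, one EPB, one NRB
    comment = struct.pack(e + "HH", OPT_COMMENT, 5) + b"lab-1\0\0\0" + struct.pack(e + "HH", 0, 0)
    return (block(e, SHB, struct.pack(e + "IHHq", 0x1A2B3C4D, 1, 0, -1))
            + block(e, IDB, struct.pack(e + "HHI", 1, 0, 65535) + comment)
            + block(e, EPB, struct.pack(e + "5I", 0, 0, 0, 4, 4) + b"\xde\xad\xbe\xef")
            + block(e, 4, struct.pack(e + "HH", 0, 0)))
```

A file fits points 1 and 2 when `byte_orders` is 1 and `link_snap` has a single entry; anything listed under `other` or `comments` is content that points 3 and 4 say the current API cannot report.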

