headers
Denis Ovsienko | 22 May 2013 16:25
Picon
Favicon
Gravatar

review request: Babel and OpenFlow

List,

I am looking for someone to review the commits in pull request #312, which I have opened. It contains a few
improvements to existing Babel decoder and a new OpenFlow 1.0 decoder. Both pieces work fine for me, but if
you see anything that should be fixed please let me know.

--

-- 
    Denis Ovsienko
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers <at> lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
Permalink | Reply | 0 comments |
headers
Guy Harris | 21 May 2013 20:36
Picon
Favicon

Re: Request for new pcap/pcapng DLT Format


On May 20, 2013, at 7:19 PM, chris_bontje <at> selinc.com wrote:

> I'll include some screen captures of the Comm Monitor interface of the RTAC

Just out of curiosity, does that screen shot show a capture made in late November, 2011?

If so, was it done in your local area (which appears, from the area code, to be in eastern Washington state)?

If so, was it done at about 1:36 in the morning of November 23, 2011?

If so, those "seconds" fields look rather suspiciously like UN*X "seconds since the epoch" values, i.e.
*absolute* time stamps, not *relative* time stamps.

(If they were captured somewhere else, apply the appropriate time zone delta from the Pacific time zone to
"1:36 in the morning".)

> vs. the pcap contents.  The "sub-seconds" 32-bit field is accurate to 6 digits.

By that do you mean "the "sub-seconds" 32-bit field is a count of microseconds since the second specified in
the "seconds" field"?

If so, and if the "seconds" field is a UN*X "seconds since the Epoch" value, the time stamp sounds *VERY*
suspiciously like a "struct timeval"...

...which, given that, as you said, "the RTAC platform is Linux-based", i.e. it's running on a UN*X, would
not be very surprising at all.

If so, then the time stamp field in the header is redundant - the time stamp field in the pcap or pcap-ng
records would suffice, as the former are "struct timeval"-style time stamps, and the latter are also
(Continue reading)

Permalink | Reply | 0 comments |
headers
Mahmood Naderan | 19 May 2013 07:25
Picon
Favicon

Re: using tcpdump

Problem is, syslog (and kernel in general) doesn't record such things *at all*

 
Regards,
Mahmood

________________________________
 From: Mark W. Jeanmougin <markjx <at> gmail.com>
To: Mahmood Naderan <nt_mahmood <at> yahoo.com> 
Cc: "tcpdump-workers <at> lists.tcpdump.org" <tcpdump-workers <at> lists.tcpdump.org> 
Sent: Sunday, May 19, 2013 1:09 AM
Subject: Re: [tcpdump-workers] using tcpdump

For an issue like this, I would look at syslog before I'd check tcpdump. Is anything there when the box looses
the network connection?
MJ
On May 16, 2013 9:16 AM, "Mahmood Naderan" <nt_mahmood <at> yahoo.com> wrote:

Hello all users
>I am using scientific linux 6.3 which kernel 2.6.32-279.5.1.el6.x86_64. The chassis, say 'A', has 3
network interfaces. Eth1 has valid IP and is connected to internet and eth2 has invalid IP and is connected
to another local switch.
>
>Problem is that the internet is randomly disconnected on eth1 so the computer is unreachable through ping
command. At the same time, there is another chassis, say 'B', which has also the same configuration. I mean
one interface of 'B' is connected to the internet (same internet witch as 'A') and one interface to local
switch (same local switch as 'A'). However 'B' uses Ubuntu 12.04.
>
>The internet connection is steady and that means while 'A' is unreachable, 'B' can be pinged.
>
(Continue reading)

Permalink | Reply | 0 comments |
headers
Anders Broman | 14 May 2013 09:56
Picon
Favicon

Request for DLT

Hi,
I would need a DLT for a wrapper around higher level PDU's or per-packet DLT:s the format is multipurpose and
consists of a number of TLV:s proceeding the actual PDU.
There are TLV:s which describes which protocol the PDU is and meta data such as IP address and port (if the
transport protocol(s) are striped off).

The format can be used by logging functions in various nodes, say after deserialization(SS7 over TDM)
decryption(GSM/UMTS/LTE Nodes?) etc.
Tag values and an outline of the format can be found here http://anonsvn.wireshark.org/viewvc/trunk/epan/exported_pdu.h?revision=49285&view=markup

Best regards
Anders Broman
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers <at> lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
Permalink | Reply | 0 comments |
headers
Anders Broman | 16 May 2013 16:02
Picon
Favicon

Request for new DLT

Hi,
I would need a DLT for a wrapper around higher level PDU's or per-packet DLT:s the format is multipurpose and
consists of a number of TLV:s proceeding the actual PDU.
There are TLV:s which describes which protocol the PDU is and meta data such as IP address and port (if the
transport protocol(s) are striped off).

The format can be used by logging functions in various nodes, say after deserialization(SS7 over TDM)
decryption(GSM/UMTS/LTE Nodes?) etc.
Tag values and an outline of the format can be found here http://anonsvn.wireshark.org/viewvc/trunk/epan/exported_pdu.h?revision=49285&view=markup

LINKTYPE_ANY_PDU or something like that?

Best regards
Anders Broman
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers <at> lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
Permalink | Reply | 1 comment |
headers
chris_bontje | 13 May 2013 22:04

Request for new pcap/pcapng DLT Format

Hi, I would like to request a custom DLT type for the Schweitzer 
Engineering Laboratories "RTAC" product.  Information on the 
product/purpose of the DLT is included below:

The RTAC product family (SEL-3530, SEL-2241, SEL-3505) is a Linux-based 
Automation Controller product that is capable of interfacing with SEL and 
3rd-party equipment using a variety of standard industrial protocols such 
as SEL FM, DNP3, Modbus, C37.118, Telegyr 8979 and others. Each protocol 
instance (master/client or slave/server) is configured to utilize either 
Ethernet or EIA-232/485 serial connectivity with protocol variations for 
each medium taken into account.  More information is available at 
www.selinc.com/sel-3530

The configuration software for the RTAC platform is named AcSELerator RTAC 
(SEL-5033) and is used to set up all communications and user logic for the 
controller as well as provide downloading and online debugging facilities. 
 One particularly useful aspect of the online debugging capabilities is a 
robust Communication Monitor tool that can show raw data streams from 
either serial or Ethernet interfaces.  Many similar products have this 
same capability but the RTAC software goes a step beyond by providing a 
"save-as" function to save all captured data into pcap format for further 
analysis in Wireshark.

All Ethernet-based capture files will have a packets with a "Linux Cooked 
Capture" Ethernet-header including the "source" MAC address of the device 
responsible for the generation of the message and the TCP/IP header(s) 
maintained from the original conversation.  The application data from the 
message will follow as per a standard Wireshark packet.

Serial-based pcap capture files are stored using "User 0" DLT type 147 to
(Continue reading)

Permalink | Reply | 4 comments |
headers
achyut baruah | 9 May 2013 07:51
Picon

capturing only timestamp excluding other information

Sir, I have been using Tcpdump. Extracting timestamp from a pcap file is
quite easy. Is there any way to capture only the timestamp excluding other
info using Tcpdump while capturing packet.
--

-- 
Achyut Baruah
M.Tech(IT)
Dept. of Computer Sc. & Engg.
Tezpur University, India.
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers <at> lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
Permalink | Reply | 1 comment |
headers
Pascal Quantin | 18 May 2013 20:45
Picon

Request for new DLT

Hi all,

Anders Broman, Wireshark core developer, is currently designing an export
functionality for PDUs and would need a DLT allocated for this new
functionality.
You will find below the email he tried to send to this mailing list a few
days ago and that got bounced. I hope mine will go through :)

Best regards,
Pascal.

-----Original Message-----
From: Anders Broman
Sent: den 16 maj 2013 16:04
To: 'tcpdump-workers <at> lists.tcpdump.org'
Subject: RE: Request for new DLT

Hi,
I would need a DLT for a wrapper around higher level PDU's or per-packet
DLT:s the format is multipurpose and consists of a number of TLV:s
proceeding the actual PDU.
There are TLV:s which describes which protocol the PDU is and meta data
such as IP address and port (if the transport protocol(s) are striped off).

The format can be used by logging functions in various nodes, say after
deserialization(SS7 over TDM) decryption(GSM/UMTS/LTE Nodes?) etc.
Tag values and an outline of the format can be found here
http://anonsvn.wireshark.org/viewvc/trunk/epan/exported_pdu.h?revision=49285&view=markup

LINKTYPE_ANY_PDU or something like that?
(Continue reading)

Permalink | Reply | 3 comments |
headers
dragorn | 16 May 2013 16:12
Favicon

DLT for Bluetooth Low Energy

The list seems to be rejecting some posts, I just unsubbed/resubbed
myself in the hopes that it wakes up and lets me post this time; it
also bounced Mike Ryans post and he asked me to send it along.

----- Forwarded message from Mike Ryan <mikeryan <at> isecpartners.com> -----

Date: Mon, 29 Apr 2013 13:09:32 -0700
From: Mike Ryan <mikeryan <at> isecpartners.com>
To: dragorn <at> kismetwireless.net
Subject: request: DLT for Bluetooth Low Energy

[sent this as-is to tcpdump-workers <at> lists.tcpdump.org]

I would like a DLT for Bluetooth Low Energy, which is described in the
following document (warning, large PDF):

    https://www.bluetooth.org/docman/handlers/downloaddoc.ashx?doc_id=229737

The link layer specification begins on PDF page 2189. The packet format
and headers begin on page 2200.

Background: I am a security researcher and have implemented a BTLE
sniffer for project Ubertooth (http://ubertooth.sf.net). One of my tools
dumps captured packets to PCAP, currently using USER_DLT0. I have also
written a Wireshark protocol dissector for these PCAP files.

These pieces of software are intended for public release, so I would
like a DLT for interoperability.

More information about can be found at my personal site:
(Continue reading)

Permalink | Reply | 0 comments |
headers
Mahmood Naderan | 16 May 2013 15:16
Picon
Favicon

using tcpdump

Hello all users
I am using scientific linux 6.3 which kernel 2.6.32-279.5.1.el6.x86_64. The chassis, say 'A', has 3
network interfaces. Eth1 has valid IP and is connected to internet and eth2 has invalid IP and is connected
to another local switch.

Problem is that the internet is randomly disconnected on eth1 so the computer is unreachable through ping
command. At the same time, there is another chassis, say 'B', which has also the same configuration. I mean
one interface of 'B' is connected to the internet (same internet witch as 'A') and one interface to local
switch (same local switch as 'A'). However 'B' uses Ubuntu 12.04.

The internet connection is steady and that means while 'A' is unreachable, 'B' can be pinged.

The situation is very very random, so I tried to use "tcpdump -vvv -i eth1" to see if I can find any useful
information about connect/disconnect messages.

Can tcpdump help me with this problem? Any feedback is appreciated.

 
Regards,
Mahmood
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers <at> lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
Permalink | Reply | 2 comments |
headers
ilaria cianci | 15 May 2013 15:54
Picon

radiotap header retry

Hi all,

    I have a question about the radiotap header  802.11.

Is there in tcpdump a corresponding filter as wlan.fc.retry==1 in wireshark?

Thanks a lot

Ilaria
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers <at> lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
Permalink | Reply | 0 comments |

Gmane