DLT Request

Hi,

I'd like to request a new DLT value for our internal header format.

We have a patched version of libpcap that can capture packets from our custom board. The
board can optionally attach it's own header to the packets, before the Ethernet header. We
call it an RAIF1 header so something like DLT_RAIF1 would be good.

I can make more information available, but currently it's only really useful to our
customers that have a board.

Regards,
Phil

--

-- 
  Phil Mulholland <phil <at> u10networks.com>
  u10 Networks, Inc, http://www.u10networks.com
  2-2-14-B Kakinokizaka, Meguro-ku, Tokyo, Japan, 152-0022
  Tel: (+81) 3-3723-5506

print-bootp.c: enhancement to decode DHCP option 249

Hi,

The following patch decode DHCP option 249 (Classless
Static Route Microsoft) used by some Microsoft
systems. Same decoding as option 121 (RFC 3442).

Regards,
Francois-Xavier Le Bail

       
____________________________________________________________________________________
Got a little couch potato? 
Check out fun summer activities for kids.
http://search.yahoo.com/search?fr=oni_on_mail&p=summer+activities+for+kids&cs=bz 

Hi,

The following patch decode DHCP option 249 (Classless
Static Route Microsoft) used by some Microsoft
systems. Same decoding as option 121 (RFC 3442).

Regards,
Francois-Xavier Le Bail

       
____________________________________________________________________________________
Got a little couch potato? 
Check out fun summer activities for kids.
http://search.yahoo.com/search?fr=oni_on_mail&p=summer+activities+for+kids&cs=bz 

Request for a DLT code for IPMB packet

Dear tcpdump workers,

I'm doing a project on creating a plugins of packet IPMB ( with I2C interface ) in Wireshark.

Now i need a specific DLT code for this packet so that i can put my code in Open Source of Wirshark. Can you
please assign me one number ?

Moreover, Can you tell me how to add a new Capture type to libpcap ?

Thanks in advance for your help and i'm looking forward to hearing from you soon.

Best regards,

Chanthy Toeung

Internee on Software Development at Kontron Canada
Tel : 450-437-5682 extension 2480
mail to chanthy.toeung <at> ca.kontron.com

Re: Pcap filters for saved capture files?

Hi,

I'm using libpcap in programs I'm writing and I already have saved capture
files. I've seen many examples of using pcap_compile() and pcap_setfilter()
for capturing live packets, but none for use with offline files. The last
argument to pcap_compile() seems to be an IP address, but obviously if
you're opening a file, there's no device and hence no address.

Regards,

Nicky Chorley

Manpage of libpcap outdated

Hi,

I've seen that the man pages of both libpcap and tcpdump published in
tcpdump.org are outdated.

I attach a newest version. Could someone please update the web?

Regards,

Luis Martin.

Tcpdump web down?

Hi,

I've been trying to access the Tcpdump web page in the last few days and
most of the time I found that the web server is down. Could somebody please
have a look at it?

Thanks.

Regards,

Luis Martin.

Re: Pcap filters for saved capture files?

Nick Chorley wrote:

> I'm using libpcap in programs I'm writing and I already have saved capture
> files. I've seen many examples of using pcap_compile() and pcap_setfilter()
> for capturing live packets, but none for use with offline files. The last
> argument to pcap_compile() seems to be an IP address, but obviously if
> you're opening a file, there's no device and hence no address.

To quote the top-of-tree version of the libpcap man page:

	int pcap_compile(pcap_t *p, struct bpf_program *fp, const char *str, 
int optimize, bpf_u_int32 netmask);

		...

	"pcap_compile()" is used to compile the string "str"
into a filter program.  "program" is a pointer to a "bpf_program" struct 
and is filled in by "pcap_compile()".  "optimize" controls whether 
optimization on the resulting code is performed.  "netmask" specifies 
the IPv4 netmask of the network on which packets are being captured; it 
  is used only when checking for IPv4 broadcast addresses in the filter 
program.  If the netmask of the network on which packets are being 
captured isn't known to the program, or if packets are being captured on 
the Linux "any" pseudo-interface that can capture on more than one 
network, a value of 0 can be supplied; tests for IPv4 broadcast addreses 
won't be done correctly, but all other tests in the filter program will 
be OK.  A return of -1 indicates an error in which case "pcap_geterr()" 
may be used to display the error text.

I.e., it's a network mask, not a full IP address, and, if you don't know 

Re: Request for a DLT code for IPMB packet

Toeung, Chanthy wrote:
> Dear tcpdump workers,
> 
> I'm doing a project on creating a plugins of packet IPMB ( with I2C interface ) in Wireshark.
> 
> Now i need a specific DLT code for this packet so that i can put my code in Open Source of Wirshark. Can you
please assign me one number ?
> 
> Moreover, Can you tell me how to add a new Capture type to libpcap ?

simple - take a look at some vendor assigned code (endace or juniper) and watch
the cvs log for the changes.

> Thanks in advance for your help and i'm looking forward to hearing from you soon.
> 
> Best regards,
> 
> Chanthy Toeung

Re: Pcap filters for saved capture files?

On 06/08/2007, Guy Harris <guy <at> alum.mit.edu> wrote:
>
> Nick Chorley wrote:
>
> > I'm using libpcap in programs I'm writing and I already have saved
> capture
> > files. I've seen many examples of using pcap_compile() and
> pcap_setfilter()
> > for capturing live packets, but none for use with offline files. The
> last
> > argument to pcap_compile() seems to be an IP address, but obviously if
> > you're opening a file, there's no device and hence no address.
>
> To quote the top-of-tree version of the libpcap man page:
>
>         int pcap_compile(pcap_t *p, struct bpf_program *fp, const char
> *str,
> int optimize, bpf_u_int32 netmask);
>
>                 ...
>
>         "pcap_compile()" is used to compile the string "str"
> into a filter program.  "program" is a pointer to a "bpf_program" struct
> and is filled in by "pcap_compile()".  "optimize" controls whether
> optimization on the resulting code is performed.  "netmask" specifies
> the IPv4 netmask of the network on which packets are being captured; it
>   is used only when checking for IPv4 broadcast addresses in the filter
> program.  If the netmask of the network on which packets are being
> captured isn't known to the program, or if packets are being captured on
> the Linux "any" pseudo-interface that can capture on more than one

Re: Tcpdump web down?

Uhm...

I agree with you. The server is either really slow or completely down.

Have a nice day
GV

----- Original Message ----- 
From: "Luis Martín García" <luis.mgarc <at> gmail.com>
To: <tcpdump-workers <at> lists.tcpdump.org>
Sent: Monday, August 06, 2007 1:47 AM
Subject: [tcpdump-workers] Tcpdump web down?

> Hi,
>
> I've been trying to access the Tcpdump web page in the last few days and
> most of the time I found that the web server is down. Could somebody 
> please
> have a look at it?
>
> Thanks.
>
>
> Regards,
>
>
> Luis Martin.
> -
> This is the tcpdump-workers list.
> Visit https://cod.sandelman.ca/ to unsubscribe.