Guy Harris | 2 Mar 2011 01:14

Re: request for a DLT value for wireshark DVB-CI

OK, I've assigned 235 as LINKTYPE_DVB_CI and DLT_DVB_CI.
Martin Kaiser | 2 Mar 2011 10:00

Re: request for a DLT value for wireshark DVB-CI

Hello Guy,

Thus wrote Guy Harris (guy <at> alum.mit.edu):

> OK, I've assigned 235 as LINKTYPE_DVB_CI and DLT_DVB_CI.

this is good news. Thank you very much. 

Best regards,

   Martin
Schemmel, Hans-Christoph | 2 Mar 2011 16:49

Re: Request for new DLT value for Wireshark Dissector

I just want to ask if you've already assigned a DLT value for the dissector?

Kind regards,
Christoph Schemmel

Tobias C Rittweiler | 2 Mar 2011 11:49

inject & read from the same interface

Hi there!

It seems to me that if I inject a packet P to a pcap handle H
of an interface I, the next read (by pcap_next() etc.) will
/not/ return P.

However, if I have two handles H1 and H2 of the same interface I,
and I inject P into H1, a read from H2 /will/ return that injected
packet P.

Is this expected behavior?

I'm also interested in what in pcap-linux.c makes the first behavior
take place (the silent filtering of the injected packet).

FWIW, the first behavior totally makes sense to me,
but I need it for the second case, too, as I'm operating
on multiple pcap handles to the same interface each running
a different filter.

Thanks in advance for any clarification on the matter,

  -T.

Guy Harris | 2 Mar 2011 20:12

Re: inject & read from the same interface


On Mar 2, 2011, at 2:49 AM, Tobias C Rittweiler wrote:

> Is this expected behavior?

The only thing I'd expect in this case is whatever the particular mechanism atop which libpcap runs on a
particular OS does; that may well differ from OS to OS.

> I'm also interested in what in pcap-linux.c makes the first behavior
> take place (the silent filtering of the injected packet).

Probably its use of PF_PACKET sockets to capture and send traffic.  Now, whether there's another mechanism
that provides the behavior you want (and is equally usable for the purposes of libpcap), or whether
there's a way to configure a PF_PACKET socket so that it provides as input on that socket packets sent on
that socket, is another matter.
Guy Harris | 2 Mar 2011 20:33

Re: Request for new DLT value for Wireshark Dissector


On Mar 2, 2011, at 7:49 AM, Schemmel, Hans-Christoph wrote:

> I just want to ask if you've already assigned a DLT value for the dissector?

Not yet - I've been somewhat busy the past week and a half, and I have to condense all the e-mail on this thread
into a complete and precise description of the data format, to put into the pcap/bpf.h and pcap-common.c
files.  If somebody else were to do so, that would probably speed the process up significantly....
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.

Schemmel, Hans-Christoph | 3 Mar 2011 18:01

Re: Request for new DLT value for Wireshark

Guy Harris <guy <at> alum.mit.edu> writes:

>
> Not yet - I've been somewhat busy the past week and a half, and I have to
> condense all the e-mail on this thread into a complete and precise
> description of the data format, to put into the pcap/bpf.h and pcap-common.c
> files.  If somebody else were to do so, that would probably speed the process
> up significantly....-
>

Hello Guy,

this is the detailed description of the data format.

LINKTYPE_MUX27010

Packet structure:

     1            2            3            4
Header_Size |   Msg_ID   |  Freg_ID   | Start_Pos | ...
 (1 Octet)  | (2 Octets) | (2 Octets) | (1 Octet) | ...

         5          6           7
...   End_pos  |   Flag    | Direction | ...
... (1 Octet)  | (1 Octet) | (1 Octet) | ...

         8           9          10            11
...  Flag_Mux  |  Address  |  Control  |     Length      | ...

Jeff Sadowski | 3 Mar 2011 20:48

ipv6 DAD packets?

I'm trying to set something up like an ipv6 version of arp for now.
Final goal of my current project is to create a means of Dynamic DNS
with radvd (router advertisement daemon).
All I'm looking for with using tcpdump is an ipv6 address to mac
address mapping.
Thus I could verify every so often that the mac still has that ipv6
address with other methods.
It looks like the Duplicate Address Detection Packet may be an ICMPv6
but I couldn't figure out how to filter icmpv6.
I tried "tcpdump ip6 and icmp" but it says I'm blocking all. How would
I do what I am trying to do?
I can't quite figure out tcpdump syntax.
Eloy Paris | 3 Mar 2011 21:31

Re: ipv6 DAD packets?

On 03/03/2011 02:48 PM, Jeff Sadowski wrote:

[...]

> I tried "tcpdump ip6 and icmp" but it says I'm blocking all. How would
> I do what I am trying to do?
> I can't quite figure out tcpdump syntax.

"tcpdump icmp6", per pcap-filter(7), does not do what you need?

Cheers,

Eloy Paris.-
Jeff Sadowski | 3 Mar 2011 21:52

Re: ipv6 DAD packets?

On Thu, Mar 3, 2011 at 1:31 PM, Eloy Paris <peloy <at> chapus.net> wrote:
> On 03/03/2011 02:48 PM, Jeff Sadowski wrote:
>
> [...]
>
>> I tried "tcpdump ip6 and icmp" but it says I'm blocking all. How would
>> I do what I am trying to do?
>> I can't quite figure out tcpdump syntax.
>
> "tcpdump icmp6", per pcap-filter(7), does not do what you need?
>
With -vv it shows the mac, but is there a way to put the full packet
all on one line so that I can parse the output more easily?

> Cheers,
>
> Eloy Paris.-
>
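
An added example, not part of the original thread: Duplicate Address Detection probes are Neighbor Solicitations (ICMPv6 type 135) sent from the unspecified address ::, so the frame's source MAC paired with the solicitation's target address gives the IPv6-to-MAC mapping asked about above, emitted as one parseable line. The function names, the frame builder and the sample addresses are constructed for illustration; extension headers and ICMPv6 checksum verification are not handled.

```python
import ipaddress
import struct

ETHERTYPE_IPV6, NEXT_HDR_ICMPV6, ND_NEIGHBOR_SOLICIT = 0x86DD, 58, 135

def dad_mapping(frame: bytes):
    """Return (mac, tentative_ipv6) for a DAD Neighbor Solicitation, else None."""
    if len(frame) < 14 + 40 + 24:           # Ethernet + IPv6 + NS without options
        return None
    _dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_IPV6:
        return None
    ip6, icmp = frame[14:54], frame[54:]
    # Assumption: ICMPv6 directly follows the fixed header (no extension headers).
    if ip6[0] >> 4 != 6 or ip6[6] != NEXT_HDR_ICMPV6:
        return None
    if icmp[0] != ND_NEIGHBOR_SOLICIT or icmp[1] != 0:
        return None
    # Neighbor Discovery requires hop limit 255, which rules out off-link senders.
    if ip6[7] != 255:
        return None
    # A DAD probe is sent from the unspecified address (::); an ordinary
    # address-resolution solicitation has a real source and is skipped here.
    if not ipaddress.IPv6Address(ip6[8:24]).is_unspecified:
        return None
    target = ipaddress.IPv6Address(icmp[8:24])
    if target.is_multicast:
        return None
    return ":".join(f"{b:02x}" for b in src_mac), str(target)

def one_line(frame: bytes):
    """One parseable 'mac ipv6' line per DAD probe, or None."""
    hit = dad_mapping(frame)
    return None if hit is None else f"{hit[0]} {hit[1]}"

def build_ns(src_mac, src_ip, target, hop_limit=255):
    """Constructed sample frame (ICMPv6 checksum left zero; it is not checked above)."""
    tgt = ipaddress.IPv6Address(target).packed
    dst_ip = ipaddress.IPv6Address("ff02::1:ff00:0").packed[:13] + tgt[13:]
    icmp = struct.pack("!BBHI", ND_NEIGHBOR_SOLICIT, 0, 0, 0) + tgt
    ip6 = struct.pack("!IHBB", 6 << 28, len(icmp), NEXT_HDR_ICMPV6, hop_limit)
    ip6 += ipaddress.IPv6Address(src_ip).packed + dst_ip
    eth = b"\x33\x33" + dst_ip[12:] + bytes.fromhex(src_mac.replace(":", ""))
    return eth + struct.pack("!H", ETHERTYPE_IPV6) + ip6 + icmp

if __name__ == "__main__":
    # Constructed addresses: locally administered MAC, documentation prefix.
    print(one_line(build_ns("02:00:00:00:00:01", "::", "2001:db8::200:ff:fe00:1")))
```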
