libpcap and PPP
Carter Bullard
carter at qosient.com
Mon Nov 11 02:45:50 EST 2002
Hey Andrew,
Yotam had a capture file, and he also checkout the new
distribution, which has support for DLT_LINUX_SLL.
ftp://qosient.com/dev/argus-2.0/argus-2.0.6.beta.4.tar.gz
Give this a go, so to speak.
Carter
> -----Original Message-----
> From: owner-argus-info at lists.andrew.cmu.edu
> [mailto:owner-argus-info at lists.andrew.cmu.edu] On Behalf Of
> Andrew Pollock
> Sent: Monday, November 11, 2002 1:06 AM
> To: Carter Bullard
> Cc: 'Yotam Rubin'; argus-info at lists.andrew.cmu.edu
> Subject: Re: libpcap and PPP
>
>
> On Sun, Nov 10, 2002 at 08:27:40AM -0500, Carter Bullard wrote:
> > Hey Yotam,
> > In order to test the changes, does anyone have a
> > tcpdump capture file with some DLT_LINUX_SLL packets
> > in it? As many as 100 would be great.
>
> So do you just need a tcpdump capture run on a PPP interface?
>
> > Carter
> >
> >
> > > -----Original Message-----
> > > From: owner-argus-info at lists.andrew.cmu.edu
> > > [mailto:owner-argus-info at lists.andrew.cmu.edu] On Behalf Of
> > > Yotam Rubin
> > > Sent: Wednesday, November 06, 2002 4:29 PM
> > > To: argus-info at lists.andrew.cmu.edu
> > > Subject: Re: libpcap and PPP
> > >
> > >
> > > On Wed, Nov 06, 2002 at 11:12:24PM +0200, Yotam Rubin wrote:
> > > > Hey,
> > > >
> > > > In response to Amir's problem, PPP's linktype
> in pcap has been
> > > > changed from DLT_RAW to DLT_LINUX_SLL. As a result,
> argus no longer
> > > > works with a PPP interface. Argus' callback array needs to
> > > be updated.
> > > >
> > > > Regards, Yotam Rubin
> > >
> > > It should be further noted that the same callback that
> > > handled DLT_RAW will not handle DLT_LINUX_SLL properly, since
> > > DLT_LINUX_SLL has a 16 byte header.
> > >
> > >
> > > Regards, Yotam Rubin
> > >
> > >
> >
>
More information about the argus
mailing list