RE: tcptrace PPPoE patches for libpcap (tcpdump) files along with previous PPP linktype integration

From: Yann Samama (ysamama@nortelnetworks.com)
Date: 07/22/03

• Next message: Yann Samama: "RE: tcptrace PPPoE patches for libpcap (tcpdump) files along with previous PPP linktype integration"
• Previous message: Desem, Can: "RE: tcptrace PPPoE patches for libpcap (tcpdump) files along with previous PPP linktype integration"
• Maybe in reply to: Yann Samama: "tcptrace PPPoE patches for libpcap (tcpdump) files along with previous PPP linktype integration"
• Next in thread: Yann Samama: "RE: tcptrace PPPoE patches for libpcap (tcpdump) files along with previous PPP linktype integration"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Message-ID: <C76021BAF2A6D5119DE500508BCF45520A103227@zctfc004.europe.nortel.com>
From: "Yann Samama" <ysamama@nortelnetworks.com>
Subject: RE: tcptrace PPPoE patches for libpcap (tcpdump) files along with previous PPP linktype integration
Date: Tue, 22 Jul 2003 11:01:28 +0200

All,
 
I will have a look at these "hardware duplicates" and will keep you
informed.
 
Best regards,
 
Yann.

-----Original Message-----
From: Desem, Can [mailto:Can.Desem@team.telstra.com]
Sent: mardi 22 juillet 2003 01:21
To: Samama, Yann [CTF:4654:EXCH]; tcptrace@tcptrace.org
Subject: RE: tcptrace PPPoE patches for libpcap (tcpdump) files along with
previous PPP linktype integration

Yann,
 
This is looking good. However, when looking at PPPoE traces, tcptrace now
detects hardware duplicates (not in all cases) when they may not be there.
Looking at these dump files with ethereal or tcpdump, there are no hardware
duplicates (unless tcpdump or ethereal doesn't print these) but tcptrace
reports duplicates. If I filter out one of these tcp flows using ethereal
and put it in a separate file and then apply tcptrace to this file it does
not report any hardware duplicates.
 
Thanks,
 
Can Desem
 

-----Original Message-----
From: Yann Samama [mailto:ysamama@nortelnetworks.com]
Sent: Monday, 21 July 2003 7:06 PM
To: 'tcptrace@tcptrace.org'
Subject: tcptrace PPPoE patches for libpcap (tcpdump) files along with
previous PPP linktype integration

All,

Please find enclosed in this e-mail three patches which add support for
PPPoE capture files encoded in libpcap format.

tcpdump.h.patch
 - added a function to calculate the byte offset with regards to the
encapsulation type :
   => straight Ethernet encapsulation
   => Point-to-Point Protocol over Ethernet encapsulation

tcpdump.c.patch
 - modified the switch case for Ethernet (DLT_EN10MB) to take into account
the calculated offset

tcptrace.h.patch
 - added some PPPoE constants definitions so that my code is more readable
and re-usable for other capture file formats.

Could you please test them and check that it does not break anything ?

Please note that those patches include also the modifications I made
previously to add support for PPP captures.

Best regards,

Yann.

----------------------------------------------------------------------------
To unsubscribe, send a message with body containing "unsubscribe tcptrace" to
majordomo@tcptrace.org.

• Next message: Yann Samama: "RE: tcptrace PPPoE patches for libpcap (tcpdump) files along with previous PPP linktype integration"
• Previous message: Desem, Can: "RE: tcptrace PPPoE patches for libpcap (tcpdump) files along with previous PPP linktype integration"
• Maybe in reply to: Yann Samama: "tcptrace PPPoE patches for libpcap (tcpdump) files along with previous PPP linktype integration"
• Next in thread: Yann Samama: "RE: tcptrace PPPoE patches for libpcap (tcpdump) files along with previous PPP linktype integration"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : 07/22/03 EDT