tcpdump mailing list archives
Re: Protocol headers-only capture?
From: Dustin Spicuzza <dustin () virtualroadside com>
Date: Wed, 17 Dec 2008 15:43:54 -0500
Matthew Luckie wrote:
Guy Harris wrote: could -s become a parameter that takes words as well as numbers, and have the compiler return the appropriate number of bytes in each case?. so -s udphdr -s tcphdr would return 14 + 20 + 8 for UDP packets on ethernet, and tcphdr would return 14 + 20 + 20 bytes for TCP packets (extra points for snapping tcp options).
I was going to make it if someone did ' -s header ', then it would turn this behavior on (but only if they were dumping to file, since otherwise it wouldn't make any sense). You can't do static lengths due to IP/TCP options (and if you wanted *just* tcp headers then you could specify this option with a bpf filter). Its actually pretty easy to implement something to do very basic parsing of this stuff... as long as you trust that the header values are ok (making sure that they stay in the bounds of the actual packet size). Dustin -- Innovation is just a problem away - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
Current thread:
- Protocol headers-only capture? Dustin Spicuzza (Dec 17)
- Re: Protocol headers-only capture? Guy Harris (Dec 17)
- Re: Protocol headers-only capture? Matthew Luckie (Dec 17)
- Re: Protocol headers-only capture? Dustin Spicuzza (Dec 17)
- Re: Protocol headers-only capture? Guy Harris (Dec 17)
- Re: Protocol headers-only capture? Dustin Spicuzza (Dec 17)
- Re: Protocol headers-only capture? Matthew Luckie (Dec 17)
- Re: Protocol headers-only capture? Guy Harris (Dec 17)
- Re: Protocol headers-only capture? Dustin Spicuzza (Dec 17)
- Re: Protocol headers-only capture? Guy Harris (Dec 17)
- Re: Protocol headers-only capture? Dustin Spicuzza (Dec 17)
- Re: Protocol headers-only capture? Dustin Spicuzza (Dec 22)
- Re: Protocol headers-only capture? Dustin Spicuzza (Dec 22)
- Re: Protocol headers-only capture? Guy Harris (Dec 17)