tcpdump mailing list archives
Re: Protocol headers-only capture?
From: Guy Harris <guy () alum mit edu>
Date: Wed, 17 Dec 2008 12:54:47 -0800
On Dec 17, 2008, at 12:43 PM, Dustin Spicuzza wrote:
... as long as you trust that the header values are ok (making sure that they stay in the bounds of the actual packet size).
Don't do that. Check against the incoming caplen, and check the sanity of length fields.
- This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
Current thread:
- Protocol headers-only capture? Dustin Spicuzza (Dec 17)
- Re: Protocol headers-only capture? Guy Harris (Dec 17)
- Re: Protocol headers-only capture? Matthew Luckie (Dec 17)
- Re: Protocol headers-only capture? Dustin Spicuzza (Dec 17)
- Re: Protocol headers-only capture? Guy Harris (Dec 17)
- Re: Protocol headers-only capture? Dustin Spicuzza (Dec 17)
- Re: Protocol headers-only capture? Matthew Luckie (Dec 17)
- Re: Protocol headers-only capture? Guy Harris (Dec 17)
- Re: Protocol headers-only capture? Dustin Spicuzza (Dec 17)
- Re: Protocol headers-only capture? Guy Harris (Dec 17)
- Re: Protocol headers-only capture? Dustin Spicuzza (Dec 17)
- Re: Protocol headers-only capture? Dustin Spicuzza (Dec 22)
- Re: Protocol headers-only capture? Dustin Spicuzza (Dec 22)
- Re: Protocol headers-only capture? Guy Harris (Dec 17)