tcpdump mailing list archives
Re: IP length vs IP6 length inconsistency (fwd)
From: Pekka Savola <pekkas () netcore fi>
Date: Wed, 8 Aug 2007 07:04:59 +0300 (EEST)
On Tue, 7 Aug 2007, Hannes Gredler wrote:
Is the length intended to print out the whole IP packet length (which in the case of v6 would probably require chasing down the extension header chain) or whatever IP header's "next header length" reports?its works the other way around ... you get passed in the L2 length and deduct the IP{4,6} header size and print that
I'm not 100% sure I understand that but the code below certainly doesn't do that.
In the first case, "length 60" is printed, and the IP packet is 60 bytes long. In this case, this certainly isn't L2 length minus the IP header size.
In the second case, "length 40" is printed, but the IP6 packet is 80 bytes long.
I believe users are looking for the whole IP packet length.can you clarify what you understanding of "whole" is ? if you want to see the L2 length then turn on the -e flag.
What I'd at least be interested in seeing is the length of the IP packet. If I use -e, I get the length of L2 packet, where I must know how many bytes to deduct to get IP length. I'd also be OK if tcpdump only printed the length of payload (not including the IP header) if it did that consistently -- I know how many bytes IP{,6} header takes so I can add that if necessary..
15:48:59.011531 IP (tos 0x10, ttl 64, id 2928, offset 0, flags [DF], proto TCP (6), length 60) 193.166.2.166.48849 > 193.94.160.1.26: S, cksum 0xa1ba (correct), 3306383735:3306383735(0) win 5840 <mss 1460,sackOK,timestamp 441344519 0,nop,wscale 4> 0x0000: 4510 003c 0b70 4000 4006 0990 c1a6 02a6 0x0010: c15e a001 bed1 001a c513 6977 0000 0000 0x0020: a002 16d0 a1ba 0000 0204 05b4 0402 080a 0x0030: 1a4e 6207 0000 0000 0103 0304 15:49:06.442127 IP6 (hlim 64, next-header: TCP (6), length: 40) 2001:708:10:10:209:6bff:fea0:47de.38549 > 2001:708::1.26: S, cksum 0xf9d5 (correct), 2146010385:2146010385(0) win 5760 <mss 1440,sackOK,timestamp 441351950 0,nop,wscale 4> 0x0000: 6000 0000 0028 0640 2001 0708 0010 0010 0x0010: 0209 6bff fea0 47de 2001 0708 0000 0000 0x0020: 0000 0000 0000 0001 9695 001a 7fe9 8511 0x0030: 0000 0000 a002 1680 f9d5 0000 0204 05a0 0x0040: 0402 080a 1a4e 7f0e 0000 0000 0103 0304- This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
-- Pekka Savola "You each name yourselves king, yet the Netcore Oy kingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
Current thread:
- IP length vs IP6 length inconsistency (fwd) Pekka Savola (Aug 07)
- Re: IP length vs IP6 length inconsistency (fwd) Hannes Gredler (Aug 07)
- Re: IP length vs IP6 length inconsistency (fwd) Pekka Savola (Aug 07)
- Re: IP length vs IP6 length inconsistency (fwd) Guy Harris (Sep 13)
- Re: IP length vs IP6 length inconsistency (fwd) Pekka Savola (Sep 13)
- Re: IP length vs IP6 length inconsistency (fwd) Guy Harris (Sep 14)
- Re: IP length vs IP6 length inconsistency (fwd) Pekka Savola (Sep 13)
- Re: IP length vs IP6 length inconsistency (fwd) Hannes Gredler (Aug 07)