tcpdump mailing list archives
Re: Protocol headers-only capture?
From: Dustin Spicuzza <dustin () virtualroadside com>
Date: Wed, 17 Dec 2008 17:30:43 -0500
Guy Harris wrote:
On Dec 17, 2008, at 12:18 PM, Matthew Luckie wrote:could -s become a parameter that takes words as well as numbers, and have the compiler return the appropriate number of bytes in each case?. so -s udphdr -s tcphdr would return 14 + 20 + 8 for UDP packets on ethernet,Not all link layers have fixed-length headers (consider 802.11)
Speaking of which, is there something in tcpdump that can figure out how long the header is... I see that the printers figure out this information, but its not done separately as far as I can see. I suppose this patch isn't quite as simple as I was hoping. I have it all done (non-tested) except for ipv6 options and the link layer offset. Dustin -- Innovation is just a problem away - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
Current thread:
- Protocol headers-only capture? Dustin Spicuzza (Dec 17)
- Re: Protocol headers-only capture? Guy Harris (Dec 17)
- Re: Protocol headers-only capture? Matthew Luckie (Dec 17)
- Re: Protocol headers-only capture? Dustin Spicuzza (Dec 17)
- Re: Protocol headers-only capture? Guy Harris (Dec 17)
- Re: Protocol headers-only capture? Dustin Spicuzza (Dec 17)
- Re: Protocol headers-only capture? Matthew Luckie (Dec 17)
- Re: Protocol headers-only capture? Guy Harris (Dec 17)
- Re: Protocol headers-only capture? Dustin Spicuzza (Dec 17)
- Re: Protocol headers-only capture? Guy Harris (Dec 17)
- Re: Protocol headers-only capture? Dustin Spicuzza (Dec 17)
- Re: Protocol headers-only capture? Dustin Spicuzza (Dec 22)
- Re: Protocol headers-only capture? Dustin Spicuzza (Dec 22)
- Re: Protocol headers-only capture? Guy Harris (Dec 17)