Re: [Patch/Workaround?] pcap-usb-linux.c

["Tyson Key" <tyson.key () gmail com>]

Hi Jean-Louis, I'm currently using the patched version of tcpdump/libpcap to
capture traffic, and Wireshark to dissect/view it. I do intend to do
capturing with Wireshark though, when I've got round to recompiling it
against the new libpcap.
Thanks.

On Thu, Oct 30, 2008 at 6:18 PM, Jean-Louis <jelot-tcpdump () jelot it> wrote:

> Jean-Louis ha scritto:
>
> > Tyson Key ha scritto:
> >
> > > Hi Jean-Louis, just applied the patches and it compiles and installs
> > > successfully.
> > > Still looks like certain packets are being truncated (mostly
> > > URB_ISOCHRONOUS
> > > ones from what I can tell).
> > > Thanks.
> > now also the mmap mode have snaplen limitation...
> >
> > try to capture traffic with -s 0 tcpdump option.
> >
> > i.e. tcpdump -i2 -w file.pcap -s 0
> >
> > if you would make default maximum, look #DEFINE of DEFAULT_SNAPLEN
> > in tcpdump/interface.h and tcpdump/netdissect.h
> >
> > I have found this with
> >
> > find -name "*.[ch]" | xargs grep "DEFAULT_SNAPLEN"
>
> only one question: what you are using for dissect packets?
>
> If response is whireshark, in the dissector for usb raw traffic ther'is
> some workaround and misunderstood of usb specification... I don't know if
> "truncate packet" say in whireshark is attendible. If I have free time, this
> week, I would try to fix this dissector.
>
> -
> This is the tcpdump-workers list.
> Visit https://cod.sandelman.ca/ to unsubscribe.



-- 
Fight Internet Censorship! http://www.eff.org
              ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Open-Source Community, and Technology Testbed: http://www.house404.co.uk/
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.