tcpdump Mailing List

Covers the classic tcpdump text-based network sniffer and its libpcap sniffer library component.

List Archives

Latest Posts

Re: upcoming tcpslice 1.8 Michael Richardson (Sep 09)
Denis Ovsienko <denis () ovsienko info> wrote:
> Let me suggest making tcpslice 1.8 release in 1-2 weeks to avoid yet
> another oversized change log section. If anyone sees a good reason not
> to, please make your point before long.

Who are the users of tcpslice?
Are there any heavy users that would like to identify themselves, and verify
the releases?

Re: tcpdump.<VERSION> binary Francois-Xavier Le Bail via tcpdump-workers (Sep 07)

Re: tcpdump.<VERSION> binary Michael Richardson (Sep 06)
Denis Ovsienko <denis () ovsienko info> wrote:
> To simplify the use of "make install", would it be a reasonable
> trade-off to install the additional binary only when the .devel file
> exists?

That sounds like a good plan.

tcpdump.<VERSION> binary Denis Ovsienko (Sep 06)
It's me again (hopefully the last point for today).

It has been discussed before, possibly more than once, but I cannot
find the previous thread(s). The matter is, tcpdump Makefile used to
install a binary with an exact version suffix, which is convenient for
local development and cross-testing, but sometimes gets in the way of
packaging.

This is what Debian package does:

--- a/Makefile.in
+++ b/Makefile.in
@@ -426,15 +426,14 @@...

IPv4 address format ambiguity Denis Ovsienko (Sep 06)
Here is an oddity I came across earlier.

pcap-filter(3PCAP) says:

dst net netnameaddr
True if the IPv4/v6 destination address of the
packet has a network number of netnameaddr.
Net may be either a name from the networks
database (/etc/networks, etc.) or a network
number. An IPv4 network number can be written
as a dotted quad (e.g.,...

#define strdup _strdup Denis Ovsienko (Sep 06)
Hello all.

One thing caught my eye in tcpdump netdissect-stdinc.h:

#ifdef _MSC_VER
/*
* Microsoft tries to avoid polluting the C namespace with UN*Xisms,
* by adding a preceding underscore; we *want* the UN*Xisms, so add
* #defines to let us use them.
*/
#define isatty _isatty
#define stat _stat
#define strdup _strdup
[...]
/*
* If <crtdbg.h> has been included, and _DEBUG is defined, and
* __STDC__ is zero,...

upcoming tcpslice 1.8 Denis Ovsienko (Sep 05)
Hello all.

Let me suggest making tcpslice 1.8 release in 1-2 weeks to avoid yet
another oversized change log section. If anyone sees a good reason not
to, please make your point before long.

Re: IP Address Anonymization Feature in tcpdump Denis Ovsienko (Sep 03)
Better late than never. Nik Sultana discussed this feature with me in
April. Whilst trying to explain difficulties of the earlier pull
request 615, I (rather unexpectedly for myself) came to the same point
of view as above. Let me paste a copy of my off-list message to
clarify:

--------8<--------8<--------8<--------8<--------8<--------8<--------

practical use cases. To that end, several pieces of software exist
that allow...

Re: AF_INET6 values Guy Harris (Sep 02)
It shouldn't be necessary.

The original WinPcap code for the rpcap daemon sent, in response to a RPCAP_MSG_FINDALLIF_REQ message, interface
information in which:

1) IPv6 addresses had the host's native AF_ value;

2) all addresses were put out a format that matched the layout of the sender's native socket address structures.

This rarely caused a problem, because, on non-Windows platforms, users would have to...

tcpdump 4.99.5 & libpcap 1.10.5 Denis Ovsienko (Aug 30)
Hello all.

I hope this finds you well. tcpdump 4.99.5 and libpcap 1.10.5 are now
available in the usual places [1]. It has been almost 1.5 years since
the previous .4 releases, so this time it is many more bug fixes and
improvements than usual. Among other things libpcap 1.10.5 addresses
two CVEs that only apply if libpcap was built with the remote packet
capture support (which is not the default).

As discussed earlier on the list, the...

Re: SITA ECN code is going to retire soon Denis Ovsienko (Aug 22)
Done as discussed.

CI news June-August 2024 Denis Ovsienko (Aug 04)
Hello all.

I hope this finds you well. Below you can find a digest of the CI
infrastructure improvements since the previous update.

* Francois-Xaver spent some time trying to add TinyCC support to the
build matrix for tcpdump and libpcap, this eventually worked on
linux-amd64 and linux-armv7l, so these Buildbot workers have been
doing TCC builds for a while.
* freebsd-aarch64 and freebsd-amd64 have been upgraded to FreeBSD 14.1,
which...

AF_INET6 values Denis Ovsienko (Aug 01)
Hello all.

pcap-rpcap.c defines 8 OS-specific values for AF_INET6
(xxxxx_AF_INET6), would it be correct also to include and use a value
for Haiku (5)?

Also the current values of AF_INET6 are just 24 on NetBSD and OpenBSD,
28 on FreeBSD and 30 on macOS, is it still correct to bitwise-OR the
value with SOCKADDR_IN6_LEN << 8?

Also GNU/Hurd uses the same value as SOLARIS_AF_INET6 and NetBSD &
OpenBSD use the same value as AIX_AF_INET6,...

IP Address Anonymization Feature in tcpdump Alberto Perez Bogantes via tcpdump-workers (Jun 10)

CI news February - May 2024 Denis Ovsienko (May 21)
Hello all.

I hope this finds you well. Below you can find a digest of the CI
infrastructure improvements since the previous update. These changes
correspond to the recent releases of NetBSD 10.0 and OpenBSD 7.5, also
in July 2023 Cirrus CI introduced [1] a monthly limit on the amount of
free resources, which we learned last March after managing to reach the
limit, so I took some measures to reduce the footprint there.

* netbsd-mips64 has been...

More Lists

Dozens of other network security lists are archived at SecLists.Org.