tcpdump Mailing List
Covers the classic tcpdump text-based network sniffer and its libpcap sniffer library component.
List Archives
| Year | Jan–Mar | Apr–Jun | Jul–Sep | Oct–Dec |
|------|---------|---------|---------|---------|
| 2025 | 10 | – | – | – |
| 2024 | 19 | 34 | 22 | 36 |
| 2023 | 77 | 8 | 20 | 16 |
| 2022 | 21 | 47 | 37 | 17 |
| 2021 | 90 | 5 | 32 | 16 |
| 2020 | 57 | 69 | 72 | 61 |
| 2019 | 46 | 47 | 37 | 45 |
| 2018 | 41 | 58 | 149 | 32 |
| 2017 | 57 | 54 | 24 | 59 |
| 2016 | 33 | 73 | 63 | 48 |
| 2015 | 112 | 79 | 62 | 108 |
| 2014 | 133 | 84 | 69 | 112 |
| 2013 | 127 | 157 | 55 | 107 |
| 2012 | 176 | 84 | 53 | 144 |
| 2011 | 177 | 234 | 187 | 215 |
| 2010 | 217 | 131 | 85 | 141 |
| 2009 | 220 | 182 | 186 | 145 |
| 2008 | 233 | 140 | 139 | 269 |
| 2007 | 154 | 118 | 251 | 226 |
| 2006 | 200 | 147 | 71 | 162 |
| 2004 | 392 | 374 | 377 | 208 |
| 2003 | 315 | 283 | 259 | 304 |
| 2002 | – | – | – | 319 |
Latest Posts
activities report for January and February 2025
Denis Ovsienko (Mar 18)
Hello all.
spend working on tcpdump and libpcap. This is being done for purposes
that will hopefully make sense later, meanwhile you can find the
monthly reports for January and February below. For March and later
months I am going to post similar reports as long as I continue
tracking the time in this manner.
This will hopefully make it easier to understand why many user requests
are being dealt with slower than desired (long story short: we...
CI news December 2024 - February 2025 (make check)
Denis Ovsienko (Mar 18)
(Re-sending because the first copy seems to be lost on the mail
servers.)
Hello all.
I hope this finds you well. Below you can find a digest of the CI
infrastructure improvements since the previous update.
libpcap master branch now implements "make check" by means of a Perl
script (same as in tcpdump), which uses an intermediate C program to
feed various combinations of arguments into pcap_compile() and compares
the compiled filter...
[libpcap] Any reason to keep "--disable-protochain" configure option?
Francois-Xavier Le Bail via tcpdump-workers (Feb 17)
Re: bpf_dump.c
Guy Harris (Feb 12)
...which Denis has done.
Re: bpf_dump.c
Guy Harris (Feb 12)
That's because the first one is part of tcpdump and the second one is part of libpcap.
Ditto.
It should be const, as it's not modifying the bpf_insn, just printing it.
The "extern int bids[]" and the lack of "i < NBIDS" are due to libpcap not exporting the internal bids[] array and not
exporting its size.
The rest is just different ways of saying the same thing.
Given that BDEBUG is a libpcap definition that...
Re: bpf_dump.c
Denis Ovsienko via tcpdump-workers (Feb 12)
Re: bpf_dump.c
Francois-Xavier Le Bail via tcpdump-workers (Feb 12)
bpf_dump.c
Denis Ovsienko via tcpdump-workers (Feb 09)
Re: Question about an uninitialized array in bpf_filter
Denis Ovsienko (Jan 07)
Done, thank you. Only the HP ANSI C compiler on HP-UX generated a
warning about it.
BPF issues that require careful planning
Denis Ovsienko (Jan 07)
Hello all.
There exist a number of imperfections in BPF syntax and implementation,
which have little in common except addressing them would change one or
another long-established behaviour.
1. The long-standing VLAN/MPLS implicit offset shift, which has been
discussed in great detail already. A potential way to disambiguate
such keywords could be replacing each of these with two new keywords,
for example, "vlan-pop" (the...
CI news October-December 2024
Denis Ovsienko (Dec 13)
Hello all.
I hope this finds you well. Below you can find a digest of the CI
infrastructure improvements since the previous update.
* OmniOSce has upgraded illumos-amd64 OmniOS from r151050 to r151052,
GCC has been upgraded from 13.3 to 14.2, Clang has been upgraded from
16.0 to 19.1.
* freebsd-aarch64 and freebsd-amd64 have been upgraded from FreeBSD
14.1 to 14.2, which has upgraded GCC from 14.1 to 14.2.
* openbsd-aarch64,...
Re: New DLT Type for Model Railroad Protocols (DCC, MM, etc.)
Olivier Chatelain (Dec 09)
Hi everybody,
I'm Oli from Switzerland and would like to add a new DLT Type, as
recommended by Graham et al. from WireShark.
I am coding a dissector for model railroad centrals and decoders, based on
the "Digital Command Control (DCC)" and "RailCom" Standards.
It is currently implemented in WireShark using User-Type 16, but in
mid-term it would be optimal, if I could communicate to everybody a final
protocol and ID to...
Re: pcap-savefile(5) in libpcap-1.10
Denis Ovsienko (Dec 04)
[...]
It took me quite some time to comprehend the meaning of this encoding.
Perhaps the wording in the man page could be something such as:
P (1 bit): If set, indicates that the Frame Check Sequence (FCS) length
in this file is known and the "FCS len" below contains the length. If
not set, it indicates that the FCS length in this file is unknown, and
the value stored in "FCS len" does not mean anything.
Delivery reports about your e-mail
gerald (Dec 01)
The original message was received at Sat, 30 Nov 2024 00:46:00 +0100
from wireshark.org [176.72.224.19]
----- The following addresses had permanent fatal errors -----
<tcpdump-workers () lists tcpdump org>
Re: capture and inject device capabilities in libpcap
Denis Ovsienko (Dec 01)
Likewise, it is disputable whether no-capture devices should appear in
the user-visible list of capture devices with the flag or not appear at
all. After some prototyping the former made a bit more sense to me,
but other people may have different opinions. Anyway, the proof of
concept is available in the following two draft pull requests:
https://github.com/the-tcpdump-group/libpcap/pull/1388...