IPsumpdump : snaplen

Brecht Vermeulen brecht.vermeulen at rug.ac.be
Mon Dec 17 14:44:26 EST 2001


Hi,

I've read about the ipsumdump program in the NEWS of the Click 1.2.3
release and was immediately enthusiastic :-).

Downloaded and compiled it (without any problems!).

But if I use the tool to sniff the eth interfaces directly, something
strange appears:
a command like
./ipsumdump -l -L -s -d -S -D -p  -i eth1
prints a lot of lines with dashes (--bad_packets says bad length) and
only the packets < 68 bytes are correctly printed.

If you supply -w filename, then everything is okay (and a tcpdump file
is created).

The line 
int snaplen = (write_dump ? 2000 : 68);
in toipsumpdump.cc seems to be the problem. The snaplen is only set to
2000 if you also dump a tcpdump file.

Is there any reason for this, or can I override this? I ask because the
tests for correct length are of course not correct if you only snap 68
bytes, but that is all you need to see the headers.

Sometimes, I just want to have a trace of IP source, IP destination and
packet length, which makes it unnecessary to dump a tcpdump file and
unnecessary to snap more than 68 bytes. So maybe it should be possible to
turn off the tests (or does anyone have better ideas?).

I like the tool because its output is much more configurable than that
of tcpdump.

regards,
Brecht
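
The failure described in the message above, as an added example that is not part of the original post and not taken from the ipsumdump source: a length test that compares the IP total length with the captured bytes rejects every frame longer than the snaplen, while one that compares it with the on-the-wire length does not. All names (Capture, check_naive, check_snap_aware, make_sample) and the sample frame are constructed for illustration.

```cpp
#include <algorithm>
#include <cstdint>
#include <cstdio>
#include <cstring>

// One capture record: caplen is what was stored (<= snaplen), wirelen is
// the frame's real size. Assumes Ethernet II carrying IPv4.
struct Capture { const uint8_t *data; uint32_t caplen, wirelen; };
enum Verdict { LEN_OK, HDR_TRUNCATED, LEN_BAD };
static const uint32_t ETH_HLEN = 14;

// Naive test: IP total length must fit inside the captured bytes, so a
// snaplen of 68 rejects every frame longer than 68 bytes.
Verdict check_naive(const Capture &c) {
    if (c.caplen < ETH_HLEN + 20) return HDR_TRUNCATED;
    const uint8_t *ip = c.data + ETH_HLEN;
    uint32_t ip_len = (ip[2] << 8) | ip[3];
    return ip_len > c.caplen - ETH_HLEN ? LEN_BAD : LEN_OK;
}

// Truncation-aware test: the header must be captured in full, but the
// total length is compared with the on-the-wire length instead.
Verdict check_snap_aware(const Capture &c) {
    if (c.caplen < ETH_HLEN + 20) return HDR_TRUNCATED;
    if (c.wirelen < c.caplen) return LEN_BAD;  // inconsistent record
    const uint8_t *ip = c.data + ETH_HLEN;
    uint32_t hlen = (ip[0] & 0x0f) * 4, ip_len = (ip[2] << 8) | ip[3];
    if ((ip[0] >> 4) != 4 || hlen < 20) return LEN_BAD;
    if (c.caplen < ETH_HLEN + hlen) return HDR_TRUNCATED;
    if (ip_len < hlen || ip_len > c.wirelen - ETH_HLEN) return LEN_BAD;
    return LEN_OK;
}

// Constructed sample: fills buf (>= 68 bytes) with a minimal IPv4 frame
// and returns the record a capture with the given snaplen would produce.
Capture make_sample(uint8_t *buf, uint16_t ip_len, uint32_t wirelen, uint32_t snaplen) {
    std::memset(buf, 0, 68);
    buf[12] = 0x08; buf[13] = 0x00;  // ethertype IPv4
    uint8_t *ip = buf + ETH_HLEN;
    ip[0] = 0x45; ip[2] = ip_len >> 8; ip[3] = ip_len & 0xff; ip[9] = 6;
    const uint8_t src[4] = {192, 0, 2, 1}, dst[4] = {198, 51, 100, 7};
    std::memcpy(ip + 12, src, 4); std::memcpy(ip + 16, dst, 4);
    return Capture{buf, std::min(wirelen, snaplen), wirelen};
}

int main() {
    uint8_t buf[68];
    Capture c = make_sample(buf, 1500, 1514, 68);  // full-size frame, 68-byte snap
    std::printf("naive=%d snap_aware=%d\n", check_naive(c), check_snap_aware(c));
    return 0;
}
```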



