[Click] tcpdump file link type header format - in detail

Vaithiyanathan Sundaram s.vaithiyanathan at knights.ucf.edu
Sun Jun 24 16:11:16 EDT 2012 

Thank you so much for your response Beyers. 

This is what I did:

1. TCPDUMP capture commands I tried so far: (I am running linux in Virtual Box). I tried the same in standalone linux too. 
tcpdump -i p2p1 -w final.dump
tcpdump -i p2p1 -f tcp -w final.dump
tcpdump -i p2p1 ip -w final.dump
tcpdump -i p2p1 tcp -w final.dump
tcpdump -i p2p1 -A -w final.dump
tcpdump -i p2p1 -x -A -w final.dump
tcpdump -i p2p1 -x -A -nn -vvv -w final.dump
All the commands produced different dumps indeed. 

2. My different versions of the .click config files
FromDump(/home/Vaidsu/ClickGUD/click-2.0.1/click-tutorial1/gud.dump, STOP true)
-> cip	:: MarkIPHeader  
-> ctcp :: CheckTCPHeader(DETAILS true)
-> Discard
DriverManager(pause, print >>details.drops ctcp.drops,
		print >>details.drops ctcp.drop_details)
I used MarkIPHeader, CheckIPHeader and even Align(2/4/8,0) offset. 
I also tried to use FromDump -> ToDump to convert from EN10MB trace to RAW IP trace. 

3. In addition to all these I tried to generate the same dump files in tshark, even WinDump and tried using it here. Also tried converting pcap wireshark dump and using it. 

4. I tried FromTcpdump too. 

The errors I got so far:
1. Bad Ip header
2. warning: first line suspicious; is this a tcpdump output file?
3. packet parse error - while using FromTcpdump
4. Importantly when I get no error, I found that the details.drops reported that all packets are not TCP. I bet there are lots of TCP flows in the trace. Wireshark could detect it. 
9420
9420	not TCP
0	bad packet length
0	bad TCP checksum

Sorry for the long mail. wanted to completely explain my attempts to get your help. I am stuck here. 
1. Do I need to create a file that capture RAW IP by avoiding link level headers? Or
2. Do I need to create my own parser to parse the dump files? 

Thanks in advance.  


________________________________________
From: click-bounces at pdos.csail.mit.edu [click-bounces at pdos.csail.mit.edu] on behalf of click-request at pdos.csail.mit.edu [click-request at pdos.csail.mit.edu]
Sent: Sunday, June 24, 2012 12:00 PM
To: click at pdos.csail.mit.edu
Subject: click Digest, Vol 108, Issue 9

Send click mailing list submissions to
        click at amsterdam.lcs.mit.edu

To subscribe or unsubscribe via the World Wide Web, visit
        https://amsterdam.lcs.mit.edu/mailman/listinfo/click
or, via email, send a message with subject or body 'help' to
        click-request at amsterdam.lcs.mit.edu

You can reach the person managing the list at
        click-owner at amsterdam.lcs.mit.edu

When replying, please edit your Subject line so it is more specific
than "Re: Contents of click digest..."


Today's Topics:

   1. tcpdump file link type header format (Vaithiyanathan Sundaram)
   2. Re: tcpdump file link type header format (Beyers Cronje)


----------------------------------------------------------------------

Message: 1
Date: Sat, 23 Jun 2012 19:44:53 +0000
From: Vaithiyanathan Sundaram <s.vaithiyanathan at knights.ucf.edu>
Subject: [Click] tcpdump file link type header format
To: "click at amsterdam.lcs.mit.edu" <click at pdos.csail.mit.edu>
Message-ID:
        <2F4314DB472A5B4387DBE195EF7F79F4500AFD at BY2PRD0710MB365.namprd07.prod.outlook.com>

Content-Type: text/plain; charset="iso-8859-1"

Hello,

My first requirement is to generate TCP traffic with respect to the input in the form of tcpdump.
I tried using
FromDump(...)
-> CheckTCPHeader
-> My parser
-> TCPIPSend (according to the parser).

I am working on a shared buffer research. I need a tcp traffic generator as per the dump. My only problem is the tcpdump type. I could only collect a TCP dump with EN01B (ethernet) link type header. I think click elements requires RAW IP header format. How do I generate that? Is there any other way.

Please help. Thanks a lot.

Vaithiyanathan
Mailing list: s.vaithiyanathan at knights.ucf.edu


------------------------------

Message: 2
Date: Sat, 23 Jun 2012 22:46:28 +0200
From: Beyers Cronje <bcronje at gmail.com>
Subject: Re: [Click] tcpdump file link type header format
To: "click at amsterdam.lcs.mit.edu" <click at pdos.csail.mit.edu>
Message-ID:
        <CAOO3n8WgdAE36QSv9R=74Fhx69sWcZT-_MPfZFiSTFo=OGRjig at mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1

Have you actually tried running FromDump with that capture file? What error
are you getting?

Note you should include a MarkIPHeader or CheckIPHeader element before
CheckTCPHeader as it requires the IP header annotation to be set already.

Beyers

On Sat, Jun 23, 2012 at 9:44 PM, Vaithiyanathan Sundaram <
s.vaithiyanathan at knights.ucf.edu> wrote:

> Hello,
>
> My first requirement is to generate TCP traffic with respect to the input
> in the form of tcpdump.
> I tried using
> FromDump(...)
> -> CheckTCPHeader
> -> My parser
> -> TCPIPSend (according to the parser).
>
> I am working on a shared buffer research. I need a tcp traffic generator
> as per the dump. My only problem is the tcpdump type. I could only collect
> a TCP dump with EN01B (ethernet) link type header. I think click elements
> requires RAW IP header format. How do I generate that? Is there any other
> way.
>
> Please help. Thanks a lot.
>
> Vaithiyanathan
> Mailing list: s.vaithiyanathan at knights.ucf.edu
> _______________________________________________
> click mailing list
> click at amsterdam.lcs.mit.edu
> https://amsterdam.lcs.mit.edu/mailman/listinfo/click
>


------------------------------

_______________________________________________
click mailing list
click at amsterdam.lcs.mit.edu
https://amsterdam.lcs.mit.edu/mailman/listinfo/click


End of click Digest, Vol 108, Issue 9
*************************************

More information about the click mailing list