tcpdump Mailing List

• Current Quarter
• RSS Feed
• About List
• All Lists

Covers the classic tcpdump text-based network sniffer and its libpcap sniffer library component.

List Archives

• Jan–Mar
• Apr–Jun
• Jul–Sep
• Oct–Dec
• 2025
• 10
• 42
• 25
• 12
• 2024
• 19
• 34
• 22
• 36
• 2023
• 77
• 8
• 20
• 16
• 2022
• 21
• 47
• 37
• 17
• 2021
• 90
• 5
• 32
• 16
• 2020
• 57
• 69
• 72
• 61
• 2019
• 46
• 47
• 37
• 45
• 2018
• 41
• 58
• 149
• 32
• 2017
• 57
• 54
• 24
• 59
• 2016
• 33
• 73
• 63
• 48
• 2015
• 112
• 79
• 62
• 108
• 2014
• 133
• 84
• 69
• 112
• 2013
• 127
• 157
• 55
• 107
• 2012
• 176
• 84
• 53
• 144
• 2011
• 177
• 234
• 187
• 215
• 2010
• 217
• 131
• 85
• 141
• 2009
• 220
• 182
• 186
• 145
• 2008
• 233
• 140
• 139
• 269
• 2007
• 154
• 118
• 251
• 226
• 2006
• 200
• 147
• 71
• 162
• 2004
• 392
• 374
• 377
• 208
• 2003
• 315
• 283
• 259
• 304
• 2002
• –
• –
• –
• 319

Latest Posts

Re: updates needed to print-udp.c.. (was Re: RFC 9868 on Transport Options for UDP) Francois via tcpdump-workers (Oct 09)

Re: updates needed to print-udp.c.. (was Re: RFC 9868 on Transport Options for UDP) Bill Fenner (Oct 08)
RFC9868 basically had a couple of guesses as to why there is a separate
length field, but basically says the reasons are lost to time.

Bill

Re: updates needed to print-udp.c.. (was Re: RFC 9868 on Transport Options for UDP) Guy Harris (Oct 08)
But if the UDP header hadn't had a length field in the first place, and the UDP payload always ran to the end of the
(possibly-reassembled) IP datagram, there wouldn't be a length field to check.

Re: updates needed to print-udp.c.. (was Re: RFC 9868 on Transport Options for UDP) Francois via tcpdump-workers (Oct 08)

Re: updates needed to print-udp.c.. (was Re: RFC 9868 on Transport Options for UDP) Guy Harris (Oct 08)
OK, so does this finally make the Length field in the UDP header serve a useful purpose, or was there a purpose for it
*before* this that I didn't know about?

Re: updates needed to print-udp.c.. (was Re: RFC 9868 on Transport Options for UDP) Francois via tcpdump-workers (Oct 08)

updates needed to print-udp.c.. (was Re: RFC 9868 on Transport Options for UDP) Michael Richardson (Oct 08)
rfc-editor () rfc-editor org wrote:
> A new Request for Comments is now available in online RFC libraries.
> RFC 9868

> Title: Transport Options for UDP
> URL: https://www.rfc-editor.org/info/rfc9868
> DOI: 10.17487/RFC9868

> Transport protocols are extended through the use of transport header
> options. This document updates RFC 768 (UDP) by indicating the
> location,...

Re: v4/v6 packet length printing inconsistency Francois via tcpdump-workers (Oct 08)

Re: capturing 802.11 station attachment/detachment traffic Michael Richardson (Oct 03)
Guy Harris <gharris () sonic net> wrote:
>> This happens most often in the evening, during "prime TV" time.
>> I think that I need to be capturing from the wifi monitor interface.
>> That does not seem to still be a thing, so I'm not sure what to do.

> It's A Long Story. At this point, there is no general-purpose OS with
> whose monitor-mode support doesn't annoy me in...

Re: capturing 802.11 station attachment/detachment traffic Guy Harris (Oct 02)
It's A Long Story. At this point, there is no general-purpose OS with whose monitor-mode support doesn't annoy me in
some fashion.

As I understand it, for Linux, the "right" way to set up monitor mode, at least with mac80211 devices, is to create a
new "virtual interface" in monitor mode, and capture on that. See https://wiki.wireshark.org/CaptureSetup/WLAN#linux -
libpcap will do that *if* built with libnl,...

Re: capturing 802.11 station attachment/detachment traffic M.TARMIZI TAHIR (Oct 02)
Thank you for the information

Pada Sen, 22 Sep 2025, 23.22, Michael Richardson <mcr () sandelman ca> menulis:

activities report for September 2025 Denis Ovsienko (Oct 02)
September 2025
==============

The accounted activities in September stand for 23:25 working hours and
14 commits (8 in libpcap and 6 in tcpdump-htdocs). There are 8 new
tests in libpcap. This month’s work comprises:

* upgrading of the three NetBSD worker hosts to the latest snapshot of
NetBSD 10 and pkgsrc-2025Q3,
* upgrading of the linux-amd64 worker host to Debian 13 (this upgraded
GCC from 12.2 to 14.2, as well as Clang from 16.0 to...

capturing 802.11 station attachment/detachment traffic Michael Richardson (Sep 22)
I have problems with wifi my kitchen/Den. This has gone one for some years
through a number of different access points. What I think is that some
neighbour has non-compliant equipment (provided by an malicious incumbent
telco) that uses 802.11g without fallback, kicking my equipment out.

This happens most often in the evening, during "prime TV" time.
I think that I need to be capturing from the wifi monitor interface.
That does not...

activities report for August 2025 Denis Ovsienko (Sep 02)
August 2025
===========

The accounted activities in August stand for 11:40 working hours and 6
commits (3 in tcpdump, 2 in libpcap, 1 in tcpdump-htdocs).

Other accounted activities include:
* updates to a few pull requests and bug reports,
* manual testing,
* installation of routine updates on various hosts,
* replacement of a faulty web server VM, and
* upgrading of ci.tcpdump.org from Ubuntu 22.04 to 24.04....

Re: B.A.T.M.A.N. Advanced libpcap pull-request Michael Richardson (Aug 15)
Linus Lüssing <linus.luessing () c0d3 blue> wrote:
> I wanted to cautiously inquire about the pull-request I had filed
> about 5 years ago for adding B.A.T.M.A.N. Advanced support to
> libpcap here:

> "Add support for B.A.T.M.A.N. Advanced #980"
-> https://github.com/the-tcpdump-group/libpcap/pull/980

Oh, yeah, I remember now.
I had hoped to get Bill Fenner to review the pcap compiler changes....

More Lists

Dozens of other network security lists are archived at SecLists.Org.