Re: PROBLEM: all bytes of extracted payload from a dump file appear to be zero
On Nov 8, 2007 5:18 AM, Irfan Ahmed <ahm_irf@xxxxxxxxx> wrote:
>
> I am capturing the packets by using TCPDUMP on Linux Fedora, kernel 2.6.18.1.
>
> When I extracted the payload from the packets, I found that the actual
> payload is just 30 bytes out of 1448 bytes and the rest of the payload is
> padded with zeros.
>
> Any idea why this is happening?
Use the flag "-s 0" to capture full packets.
From the tcpdump manpage:
-s Snarf snaplen bytes of data from each packet rather than the
default of 68 (with SunOS's NIT, the minimum is actually 96). 68
bytes is adequate for IP, ICMP, TCP and UDP but may truncate protocol
information from name server and NFS packets (see below). Packets
truncated because of a limited snapshot are indicated in the output
with "[|proto]", where proto is the name of the protocol level at
which the truncation has occurred. Note that taking larger snapshots
both increases the amount of time it takes to process packets and,
effectively, decreases the amount of packet buffering. This may cause
packets to be lost. You should limit snaplen to the smallest number
that will capture the protocol information you're interested in.
Setting snaplen to 0 means use the required length to catch whole
packets.
Cheers,
Lucas.
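A way to check a dump file for exactly this symptom, added here as an example and not code from the thread: it parses the libpcap record headers and flags every record whose captured length (caplen) is shorter than its original length, which is what a small snaplen leaves behind. The capture is constructed in memory, and the 54-byte header offset assumes plain Ethernet + IPv4 + TCP with no options.

```python
import struct

PCAP_MAGIC_LE = 0xA1B2C3D4  # libpcap magic number, little-endian file
GLOBAL_HDR = "<IHHiIII"     # magic, major, minor, thiszone, sigfigs, snaplen, linktype
RECORD_HDR = "<IIII"        # ts_sec, ts_usec, incl_len (caplen), orig_len

def build_pcap(snaplen, frames):
    """Constructed sample capture: store at most snaplen bytes of each frame,
    recording its true length in orig_len, as tcpdump -s <snaplen> does."""
    if snaplen == 0:
        snaplen = 65535  # "-s 0": tcpdump writes the maximum, not a literal zero
    out = struct.pack(GLOBAL_HDR, PCAP_MAGIC_LE, 2, 4, 0, 0, snaplen, 1)  # linktype 1 = Ethernet
    for frame in frames:
        caplen = min(len(frame), snaplen)
        out += struct.pack(RECORD_HDR, 0, 0, caplen, len(frame)) + frame[:caplen]
    return out

def parse_pcap(data):
    """Return (snaplen, records); each record is (caplen, orig_len, captured_bytes)."""
    magic, _, _, _, _, snaplen, _ = struct.unpack_from(GLOBAL_HDR, data, 0)
    if magic != PCAP_MAGIC_LE:
        raise ValueError("unsupported pcap magic %#x" % magic)
    records, off = [], struct.calcsize(GLOBAL_HDR)
    while off + struct.calcsize(RECORD_HDR) <= len(data):
        _, _, caplen, orig_len = struct.unpack_from(RECORD_HDR, data, off)
        off += struct.calcsize(RECORD_HDR)
        if off + caplen > len(data):
            raise ValueError("record at offset %d runs past end of file" % off)
        records.append((caplen, orig_len, data[off:off + caplen]))
        off += caplen
    return snaplen, records

def truncated_records(data):
    """Indices of records with caplen < orig_len: bytes past caplen were never
    stored, so a tool that copies them into an orig_len buffer shows zeros."""
    snaplen, records = parse_pcap(data)
    return snaplen, [i for i, (c, o, _) in enumerate(records) if c < o]

def tcp_payload(record, hdr_len=54):
    """Payload after Ethernet+IPv4+TCP headers (14+20+20, no options); refuses
    to zero-fill a truncated record instead of returning padded data."""
    caplen, orig_len, captured = record
    if caplen < orig_len:
        raise ValueError("truncated: %d of %d bytes captured" % (caplen, orig_len))
    return captured[hdr_len:]

if __name__ == "__main__":
    frame = bytes(54) + b"A" * 1448  # constructed: 54 header bytes + 1448-byte segment
    print(truncated_records(build_pcap(68, [frame])))   # (68, [0]): default snaplen cuts it
    print(truncated_records(build_pcap(0, [frame])))    # (65535, []): -s 0 keeps it whole
```

On a real dump, `tcpdump -r file -nn -v` marks the same truncated records with `[|proto]`, as the manpage excerpt above describes.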
--
To unsubscribe from this list: send an email with
"unsubscribe kernelnewbies" to ecartis@xxxxxxxxxxxx
Please read the FAQ at http://kernelnewbies.org/FAQ