...making Linux just a little more fun!
Ignacio, Domingo Jr Ostria - igndo001 [DomingoJr.Ignacio at postgrads.unisa.edu.au]
Hello everyone,
Good day!
I am using tcpdump in my linux system to sniff and capture tcp packet headers.
I inserted a new variable, srtt, into the print_tcp.h header file and tcp.c source code. I want to print/ouput/capture the inserted variable srtt into the tcp packet headers once I run tcpdump. Any idea on how to go about this?
However, once I run tcpdump with all the changes I made (of course, after configuring and making) and I got an error: Bad header length and <bad opt>.
I tried to increase the snaplength to 1514 but I still got the same errors. What seems to be the problem, anyone? Thanks!
Also, I cannot see the inserted srtt variable in the tcpdump trace files. Any idea on these guys?
I don't know if this is the right venue to ask these question since this is for linux queries but still I am hoping that anyone has an experience on this. Help would be appreciated.
Cheers, Dom
René Pfeiffer [lynx at luchs.at]
Hello!
On Jul 01, 2008 at 1324 +0930, Ignacio, Domingo Jr Ostria - igndo001 appear= ed and said:
> [...] > I am using tcpdump in my linux system to sniff and capture tcp packet > headers. > > I inserted a new variable, srtt, into the print_tcp.h header file and > tcp.c source code. > I want to print/ouput/capture the inserted variable srtt into the tcp > packet headers once I run tcpdump. > Any idea on how to go about this? > > However, once I run tcpdump with all the changes I made (of course, > after configuring and making) and I got an error: > Bad header length and <bad opt>.
Can you provide the full command line you used and tell us which Linux distribution this is (Fedora, Debian, Gentoo, etc.)?
Best, René.
Jim Jackson [jj at franjam.org.uk]
On Tue, 1 Jul 2008, Ignacio, Domingo Jr Ostria - igndo001 wrote:
> I am using tcpdump in my linux system to sniff and capture tcp packet > headers. > > I inserted a new variable, srtt, into the print_tcp.h header file and > tcp.c source code. > I want to print/ouput/capture the inserted variable srtt into the tcp > packet headers once I run tcpdump. > Any idea on how to go about this? > > However, once I run tcpdump with all the changes I made (of course, > after configuring and making) and I got an error: > Bad header length and <bad opt>. > > I tried to increase the snaplength to 1514 but I still got the same > errors. What seems to be the problem, anyone? Thanks! > > Also, I cannot see the inserted srtt variable in the tcpdump trace > files. Any idea on these guys? > > I don't know if this is the right venue to ask these question since this > is for linux queries but still I am hoping that anyone has an experience > on this. Help would be appreciated.
This is a specialist query about making changes to the source code of tcpdump. I suspect you really need to find a suitable network programming list or newsgroup.
In fact I have just now googled for
tcpdump homepage
and found
And under "Mailing Lists" seen that there is a tcpdump-workers email list. There you are likely to find people who know the working of the tcpdump code and there are a LOT more likely to be able to help you.
Ignacio, Domingo Jr Ostria - igndo001 [DomingoJr.Ignacio at postgrads.unisa.edu.au]
Hi Rene' and the rest of the gang,
The filter command line is:
$tcpdump tcp -vvv -i eth0
That was the command I used to capture the tcp packet headers
I thought it has something to do with the snaplen that I got the bad opt and header length too short<20 error that I modified my filter to up to 1514 bytes instead of the default 96 bytes.
$tcpdump tcp -vvv -s 1514 -i eth0
By the way, I am using fedora 4.
Thanks for the help.
Cheers, Dom
René Pfeiffer [lynx at luchs.at]
Hello, Dom!
On Jul 02, 2008 at 1521 +0930, Ignacio, Domingo Jr Ostria - igndo001 appear= ed and said:
> Hi Rene' and the rest of the gang, > > The filter command line is: > > $tcpdump tcp -vvv -i eth0 > > That was the command I used to capture the tcp packet headers
Well, that's what the command does, but you want to extract round trip times as far as I understood your project. tcpdump can't do that. You have to analyse the timestamps and the sequence numbers yourself or use a different tool for that. Ethereal/Wireshark has some plugins to do TCP stream analysis. You can also use https://www.tcptrace.org/ or similar tools for further analysis, but I don't think tcpdump can do much more than collecting the data.
Best, René.