Tux

...making Linux just a little more fun!

inquiry on tcpdump

Ignacio, Domingo Jr Ostria - igndo001 [DomingoJr.Ignacio at postgrads.unisa.edu.au]


Tue, 1 Jul 2008 13:24:03 +0930

Hello everyone,

Good day!

I am using tcpdump in my linux system to sniff and capture tcp packet headers.

I inserted a new variable, srtt, into the print_tcp.h header file and tcp.c source code. I want to print/ouput/capture the inserted variable srtt into the tcp packet headers once I run tcpdump. Any idea on how to go about this?

However, once I run tcpdump with all the changes I made (of course, after configuring and making) and I got an error: Bad header length and <bad opt>.

I tried to increase the snaplength to 1514 but I still got the same errors. What seems to be the problem, anyone? Thanks!

Also, I cannot see the inserted srtt variable in the tcpdump trace files. Any idea on these guys?

I don't know if this is the right venue to ask these question since this is for linux queries but still I am hoping that anyone has an experience on this. Help would be appreciated.

Cheers, Dom


Top    Back


René Pfeiffer [lynx at luchs.at]


Tue, 1 Jul 2008 09:05:15 +0200

Hello!

On Jul 01, 2008 at 1324 +0930, Ignacio, Domingo Jr Ostria - igndo001 appear= ed and said:

> [...]
> I am using tcpdump in my linux system to sniff and capture tcp packet
> headers.
>
> I  inserted a new variable, srtt, into  the print_tcp.h header file  and
> tcp.c source code.
> I want  to print/ouput/capture  the inserted variable srtt into  the tcp
> packet headers once I run tcpdump.
> Any idea on how to go about this?
>
> However, once I run tcpdump with all the changes I made (of course,
> after configuring and making) and  I got an error:
> Bad header length and <bad opt>.

Can you provide the full command line you used and tell us which Linux distribution this is (Fedora, Debian, Gentoo, etc.)?

Best, René.


Top    Back


Jim Jackson [jj at franjam.org.uk]


Tue, 1 Jul 2008 09:16:08 +0100 (BST)

On Tue, 1 Jul 2008, Ignacio, Domingo Jr Ostria - igndo001 wrote:

> I am using tcpdump in my linux system to sniff and capture tcp packet
> headers.
>
> I  inserted a new variable, srtt, into  the print_tcp.h header file  and
> tcp.c source code.
> I want  to print/ouput/capture  the inserted variable srtt into  the tcp
> packet headers once I run tcpdump.
> Any idea on how to go about this?
>
> However, once I run tcpdump with all the changes I made (of course,
> after configuring and making) and  I got an error:
> Bad header length and <bad opt>.
>
> I tried to increase the snaplength to 1514 but I still got the same
> errors. What seems to be the problem, anyone? Thanks!
>
> Also, I cannot see the inserted srtt variable in the tcpdump trace
> files. Any idea on these guys?
>
> I don't know if this is the right venue to ask these question since this
> is for linux queries but still I am hoping that anyone has an experience
> on this. Help would be appreciated.

This is a specialist query about making changes to the source code of tcpdump. I suspect you really need to find a suitable network programming list or newsgroup.

In fact I have just now googled for

   tcpdump homepage

and found

https://www.tcpdump.org/

And under "Mailing Lists" seen that there is a tcpdump-workers email list. There you are likely to find people who know the working of the tcpdump code and there are a LOT more likely to be able to help you.


Top    Back


Ignacio, Domingo Jr Ostria - igndo001 [DomingoJr.Ignacio at postgrads.unisa.edu.au]


Wed, 2 Jul 2008 15:21:31 +0930

Hi Rene' and the rest of the gang,

The filter command line is:

$tcpdump tcp -vvv -i eth0

That was the command I used to capture the tcp packet headers

I thought it has something to do with the snaplen that I got the bad opt and header length too short<20 error that I modified my filter to up to 1514 bytes instead of the default 96 bytes.

$tcpdump tcp -vvv -s 1514 -i eth0

By the way, I am using fedora 4.

Thanks for the help.

Cheers, Dom


Top    Back


René Pfeiffer [lynx at luchs.at]


Thu, 3 Jul 2008 23:18:57 +0200

Hello, Dom!

On Jul 02, 2008 at 1521 +0930, Ignacio, Domingo Jr Ostria - igndo001 appear= ed and said:

> Hi Rene' and the rest of the gang,
>
> The filter command line is:
>
> $tcpdump tcp -vvv -i eth0
>
> That was the command I used to capture the tcp packet headers

Well, that's what the command does, but you want to extract round trip times as far as I understood your project. tcpdump can't do that. You have to analyse the timestamps and the sequence numbers yourself or use a different tool for that. Ethereal/Wireshark has some plugins to do TCP stream analysis. You can also use https://www.tcptrace.org/ or similar tools for further analysis, but I don't think tcpdump can do much more than collecting the data.

Best, René.


Top    Back