
cardigliano at ntop
Jul 12, 2012, 2:18 AM
Post #10 of 10
On Jul 12, 2012, at 11:11 AM, frwa onto wrote:

> Dear Alfredo,
> Your yes is referring to which portion I am kind of confused? Do you mean those are still valid right? Thank you.

Yes (those are still valid) :-)

Alfredo

>
> Regards,
> Shai.
>
> On Thu, Jul 12, 2012 at 5:08 PM, Alfredo Cardigliano <cardigliano [at] ntop> wrote:
>
> On Jul 12, 2012, at 10:59 AM, frwa onto wrote:
>
>> Dear Alfredo,
>> No problem. Beside that I notice IPV6 have eliminated quite a number of the header elements in comparison to IPV4. I notice tos, header length, packet length, flags, protocol, ackNum, sequence number and header cs are not there right. But when I do this h->len, proto2str(ip->ip_p) and h->extended_hdr.pkt_hash) still give me some values are those valid or not?
>
> Yes
>
> Alfredo
>
>>
>> Regards,
>> Frwa.
>>
>> On Thu, Jul 12, 2012 at 4:43 PM, Alfredo Cardigliano <cardigliano [at] ntop> wrote:
>> Frwa
>> sorry:
>> ./pfcount -i eth0 -v -m
>> (with a whitespace, eth0 is the interface name, put your)
>>
>> Alfredo
>>
>> On Jul 11, 2012, at 5:29 PM, frwa onto wrote:
>>
>>> Dear Alfredo,
>>> I tried and got this ./pfcount -i eth0-v -m
>>> pfring_open error [Invalid argument] (pf_ring not loaded or perhaps you use quick mode and have already a socket bound to eth0-v ?) but I could run ./pfcount by itself and ./pfcount -i and ./pfcount -m. So what could be wrong here? How about the extra information I asked just now should is there anything extra? Thank you.
>>>
>>> Regards,
>>> Frwa.
>>>
>>> On Wed, Jul 11, 2012 at 11:11 PM, Alfredo Cardigliano <cardigliano [at] ntop> wrote:
>>> Frwa
>>> it is working for me, please update from SVN and check with:
>>> ./pfcount -i eth0-v -m
>>> If it is still not working please tell us how to reproduce it (card model, drivers version, a .pcap)
>>>
>>> Regards
>>> Alfredo
>>>
>>> On Jul 11, 2012, at 4:53 PM, frwa onto wrote:
>>>
>>>> Dear Alfredo,
>>>> Ok I could get the mac properly but the ip is showing all 0000:0000:0000:0000:0000:0000: Besides that in ipv4 we have all these values so what are equivalent for ipv6.
>>>>
>>>> h->extended_hdr.parsed_header_len
>>>> h->extended_hdr.parsed_pkt.ipv4_tos
>>>> h->extended_hdr.parsed_pkt.l4_src_port
>>>> h->extended_hdr.parsed_pkt.l4_dst_port
>>>> h->len
>>>> h->extended_hdr.parsed_pkt.tcp.flags,
>>>> proto2str(ip->ip_p)
>>>> h->extended_hdr.parsed_pkt.tcp.ack_num
>>>> h->extended_hdr.parsed_pkt.tcp.seq_num
>>>> h->extended_hdr.pkt_hash
>>>>
>>>> Regards,
>>>> Frwa.
>>>>
>>>> On Wed, Jul 11, 2012 at 5:54 PM, Alfredo Cardigliano <cardigliano [at] ntop> wrote:
>>>> Frwa
>>>> please have a look at PF_RING/userland/examples/pfcount.c:395
>>>>
>>>> Regards
>>>> Alfredo
>>>>
>>>> On Jul 11, 2012, at 8:47 AM, frwa onto wrote:
>>>>
>>>> > Dear All,
>>>> > We are using pfcount codes as our base. We would like to capture IPV6 information so we I guess it will all come under here right if(h->extended_hdr.parsed_pkt.eth_type == 0x0806). For ipv4 we managed to capture things like source ip intoa(ntohl(ip->ip_src.s_addr)), destination ip intoa(ntohl(ip->ip_dst.s_addr)), source mac h->extended_hdr.parsed_pkt.smac, destination mac h->extended_hdr.parsed_pkt.dmac, source port h->extended_hdr.parsed_pkt.l4_src_port and destination port h->extended_hdr.parsed_pkt.l4_dst_port. In order to capture V6 information can we use this same method or it will be totally different? Thank you.
>>>> > _______________________________________________
>>>> > Ntop-misc mailing list
>>>> > Ntop-misc [at] listgateway
>>>> > http://listgateway.unipi.it/mailman/listinfo/ntop-misc
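
The IPv6 fixed-header fields that stand in for the IPv4 ones asked about in this thread, as an added example that is not part of the original messages and is not PF_RING code: it parses the raw captured frame bytes directly. `struct v6_info`, `parse_v6` and the sample frame are hypothetical, and the parser assumes an untagged Ethernet frame with no IPv6 extension headers.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <arpa/inet.h>

#define ETHERTYPE_V6 0x86DD /* IPv6 EtherType (0x0800 is IPv4, 0x0806 is ARP) */
/* Hypothetical result struct: IPv6 counterparts of the IPv4 fields in the thread. */
struct v6_info {
  uint8_t  traffic_class; /* takes the place of IPv4 TOS */
  uint32_t flow_label;    /* 20 bits, no IPv4 counterpart */
  uint16_t payload_len;   /* bytes after the fixed 40-byte header */
  uint8_t  next_header;   /* takes the place of the IPv4 protocol field */
  uint8_t  hop_limit;     /* takes the place of IPv4 TTL */
  char     src[INET6_ADDRSTRLEN], dst[INET6_ADDRSTRLEN];
  uint16_t sport, dport;  /* 0 unless TCP/UDP directly follows the header */
};

/* Returns 0 on success, -1 if the frame is truncated or not IPv6. */
int parse_v6(const uint8_t *f, size_t caplen, struct v6_info *o) {
  if (caplen < 14 + 40) return -1;                 /* Ethernet + fixed IPv6 header */
  if (((f[12] << 8) | f[13]) != ETHERTYPE_V6) return -1;
  const uint8_t *ip = f + 14;
  if ((ip[0] >> 4) != 6) return -1;                /* version nibble */
  memset(o, 0, sizeof(*o));
  o->traffic_class = (uint8_t)((ip[0] << 4) | (ip[1] >> 4));
  o->flow_label = ((uint32_t)(ip[1] & 0x0F) << 16) | ((uint32_t)ip[2] << 8) | ip[3];
  o->payload_len = (uint16_t)((ip[4] << 8) | ip[5]);
  o->next_header = ip[6]; o->hop_limit = ip[7];
  inet_ntop(AF_INET6, ip + 8, o->src, sizeof(o->src));   /* 16-byte addresses */
  inet_ntop(AF_INET6, ip + 24, o->dst, sizeof(o->dst));
  if ((o->next_header == 6 || o->next_header == 17) && caplen >= 14 + 40 + 4) {
    o->sport = (uint16_t)((ip[40] << 8) | ip[41]);
    o->dport = (uint16_t)((ip[42] << 8) | ip[43]);
  }
  return 0;
}
/* Constructed sample: Ethernet + IPv6 2001:db8::1 -> 2001:db8::2 + UDP 12345 -> 53 */
static const uint8_t SAMPLE[62] = {
  0x02,0,0,0,0,2, 0x02,0,0,0,0,1, 0x86,0xDD,     /* dmac, smac, EtherType */
  0x60,0,0,0, 0,8, 17, 64,                        /* ver/tc/flow, len, nh, hop limit */
  0x20,0x01,0x0d,0xb8,0,0,0,0,0,0,0,0,0,0,0,1,    /* source address */
  0x20,0x01,0x0d,0xb8,0,0,0,0,0,0,0,0,0,0,0,2,    /* destination address */
  0x30,0x39, 0,53, 0,8, 0,0 };                    /* UDP ports, length, checksum (0 here) */

int main(void) {
  struct v6_info o;
  if (parse_v6(SAMPLE, sizeof SAMPLE, &o) == 0)
    printf("%s -> %s nh=%u %u->%u\n", o.src, o.dst, o.next_header, o.sport, o.dport);
  return 0;
}
```

IPv6 has no header checksum, no header-length field and no fragmentation flags in the fixed header; TCP flags, sequence and acknowledgement numbers are unchanged because they live in the TCP header.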