Support for 802.1q when reading from pcap does not work properly
Brought to you by:
jpr5
I am able to capture off the wire with VLANs being read (regexes work and provide output - I can even output to a pcap). If I capture to a pcap and use ngrep -I pcapfile, it immediately exits:
ngrep -i -I vk-pcap.pcap 'Host:' 'vlan' -n 100 -O ug-pcap.pcap
input: ug-pcap.pcap
filter: ( vlan ) and (ip or ip6)
match: Host:
output: ug-pcap.pcap
exit
This happens when I capture from an 802.1q network via tcpdump or ngrep - it appears something isn't working the same for reading pcaps as for reading from the wire?
I may be able to provide some example pcaps privately - so you can recreate in your test environment.
Thanks for the bug report, and sorry for the delay - bugs/issues are managed here now: https://github.com/jpr5/ngrep/issues
There have been a lot of changes over the last year regarding VLAN support. If you're still interested, would you mind testing the latest master to see if it addresses your issue? https://github.com/jpr5/ngrep
PCAP dump files are always welcome, as well.
cheers,
--jordan