Well, isn't *that* special. Turns out the system-declared time structure
is 64-bit and the on-disk capture files use 32-bit. Once I corrected
for that, the router is now writing error files that tcpdump is very
happy with. I assume Wireshark will be too.

So now, if your gateway is sending packets that contain errors and would
be dropped and are therefore showing up in the pkterrors.txt file, you can
grab a capture file containing those erroneous packets from, for example,
https://gw.ampr.org/private/errors/1.2.3.4.pcap
(Of course, replace 1.2.3.4 with your own gateway address.)

The only thing missing is that pcap files have no way to contain an
indication of what the error was that caused that particular packet to
be rejected. You'll just have to correlate them with the errors reported
in the pkterrors.txt file for your gateway.

Keep in mind that the pkterrors.txt file and the accumulated pcap files
are deleted and start fresh every day at midnight Pacific time (GMT-7 or -8).

This is fun!
- Brian

On Mon, May 08, 2017 at 12:46:02PM -0700, Tom Hayward wrote:
Would you consider changing the format to pcap or pcapng? This would
allow viewing the packets in Wireshark. The format isn't much more
complicated than the format you've chosen:
https://wiki.wireshark.org/Development/LibpcapFileFormat

Tom KD7LXL
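
Added example (not part of the original messages, and not the gateway's code): a sketch in C of the 64-bit versus 32-bit timestamp mismatch described above, showing why a reader stops finding the packet length where it expects it. All struct and function names are hypothetical, and `wide_rec_hdr` is an assumed stand-in for a record header built on a 64-bit system time structure.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* On-disk pcap per-packet header: 16 bytes, every field 32-bit. */
struct pcap_rec_hdr {
    uint32_t ts_sec, ts_usec;     /* timestamp: seconds, microseconds */
    uint32_t incl_len, orig_len;  /* bytes stored in file, bytes on the wire */
};
/* Hypothetical stand-in for a header built on a 64-bit struct timeval:
   24 bytes, so the length fields land 8 bytes later than a reader expects. */
struct wide_rec_hdr {
    int64_t  tv_sec, tv_usec;
    uint32_t incl_len, orig_len;
};

/* Copy header then packet into buf; returns bytes written, 0 if buf is too small. */
static size_t emit(uint8_t *buf, size_t cap, const void *h, size_t hl,
                   const uint8_t *pkt, uint32_t len)
{
    if (cap < hl || cap - hl < len) return 0;
    memcpy(buf, h, hl);
    memcpy(buf + hl, pkt, len);
    return hl + len;
}
/* Correct writer: narrow the 64-bit time into the 32-bit on-disk fields. */
size_t put_record(uint8_t *buf, size_t cap, int64_t sec, int64_t usec,
                  const uint8_t *pkt, uint32_t len)
{
    struct pcap_rec_hdr h = { (uint32_t)sec, (uint32_t)usec, len, len };
    return emit(buf, cap, &h, sizeof h, pkt, len);
}
/* Mismatched writer: writes the wide in-memory layout unchanged. */
size_t put_record_wide(uint8_t *buf, size_t cap, int64_t sec, int64_t usec,
                       const uint8_t *pkt, uint32_t len)
{
    struct wide_rec_hdr h = { sec, usec, len, len };
    return emit(buf, cap, &h, sizeof h, pkt, len);
}
/* What a pcap reader does: take incl_len from byte offset 8 of the record. */
uint32_t reader_incl_len(const uint8_t *rec)
{
    uint32_t v;
    memcpy(&v, rec + offsetof(struct pcap_rec_hdr, incl_len), sizeof v);
    return v;
}
```

With the wide layout, the bytes at offset 8 belong to the microseconds field, so the reader takes part of the timestamp as the packet length and loses its place in the file from that record onward.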