irontec / sngrep

Ncurses SIP Messages flow viewer
GNU General Public License v3.0

SNGREP does not recognize SIP on my Vlan over Vlan QinQ captures - any solution? #275

Open alaertegv opened 5 years ago

alaertegv commented 5 years ago

Hi, I would appreciate your help: it is my second installation of SNGREP. The first one works very well on native PCAPs, but this time the PCAPs are using remote port mirroring, so the packets are received with two VLAN encapsulations. If I use sngrep -r eth0 it cannot recognize the SIP packets. I need to manually capture with TCPDUMP and use a tool like STRIPE, then I can use sngrep offline. But the really nice usage of sngrep for me is online, to capture in real time. Do you know if there is a way to solve this challenge?

Thanks for your time.

Attachment: example of Vlan over Vlan that SNGREP cannot recognize SIP packets.docx

Kaian commented 5 years ago

Hi @alaertegv

Sngrep does not support parsing two vlan headers, and the current version is only receiving bugfixes.

If you don't mind, attach a pcap (inside a zip file) to the issue with a sample dialog so we can have some data to test in future releases.

Thanks!

dovi5988 commented 2 years ago

Hi,

Is this something that may be considered for the future? If yes I will upload an example in a bit.

Kaian commented 2 years ago

Sure!

Pcaps always help for debugging and testing new features. I can check how the headers are and evaluate if this is just skipping some bytes or a more complex enhancement.

Although I will be on holiday for a couple of weeks, I'll try to check this afterwards.

Thanks!
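
What "skipping some bytes" means for the double-tagged frames discussed in this thread, as an added example (not sngrep's code and not written by anyone in the thread): each stacked VLAN tag is 4 bytes, so the walk below steps over tags until a non-VLAN EtherType appears. The helper names, the tag limit and the sample frame are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ETH_HDR_LEN   14  /* dst MAC, src MAC, EtherType/TPID */
#define VLAN_TAG_LEN  4   /* TCI (2 bytes) + next EtherType (2 bytes) */
#define MAX_VLAN_TAGS 4   /* bound the walk so a crafted frame cannot stack tags forever */

/* Constructed sample: outer 802.1ad tag (VID 100), inner 802.1Q tag (VID 200), IPv4. */
static const uint8_t sample_qinq[] = {
    0x02,0,0,0,0,0x01,  0x02,0,0,0,0,0x02,   /* dst MAC, src MAC */
    0x88,0xa8, 0x00,0x64,                    /* TPID 0x88a8, TCI: VID 100 */
    0x81,0x00, 0x00,0xc8,                    /* TPID 0x8100, TCI: VID 200 */
    0x08,0x00, 0x45                          /* EtherType IPv4, first IP byte */
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

static int is_vlan_tpid(uint16_t t)
{
    return t == 0x8100 || t == 0x88a8 || t == 0x9100; /* 802.1Q, 802.1ad, legacy QinQ */
}

/* Hypothetical helper: returns the offset of the layer-3 header, or -1 if the
 * frame is truncated or carries more than MAX_VLAN_TAGS tags. */
int l3_offset(const uint8_t *f, size_t caplen, uint16_t *etype,
              uint16_t vids[MAX_VLAN_TAGS], int *ntags)
{
    size_t off = ETH_HDR_LEN;
    *ntags = 0;
    if (caplen < ETH_HDR_LEN) return -1;
    uint16_t t = rd16(f + 12);
    while (is_vlan_tpid(t)) {
        if (*ntags == MAX_VLAN_TAGS || caplen < off + VLAN_TAG_LEN) return -1;
        vids[(*ntags)++] = rd16(f + off) & 0x0fff; /* low 12 bits of TCI = VLAN id */
        t = rd16(f + off + 2);                     /* type of whatever follows */
        off += VLAN_TAG_LEN;
    }
    *etype = t;
    return (int)off;
}

int main(void)
{
    uint16_t et = 0, vids[MAX_VLAN_TAGS];
    int n, off = l3_offset(sample_qinq, sizeof sample_qinq, &et, vids, &n);
    printf("tags=%d l3_offset=%d ethertype=0x%04x\n", n, off, et);
    return 0;
}
```

A parser that assumes at most one tag would look for the IP header at offset 18 in this frame and find the inner TPID bytes instead, which matches the symptom reported above.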