@idosch
Created August 11, 2019 07:28
dropwatch and tshark example
dropwatch> set alertmode packet
Setting alert mode
Alert mode successfully set
dropwatch>
dropwatch> set trunc 64
Setting truncation length to 64
Truncation length successfully set
dropwatch>
dropwatch> show
Getting existing configuration
Alert mode: Packet
Truncation length: 64
Queue length: 1000
dropwatch>
dropwatch> start
Enabling monitoring...
Kernel monitoring activated.
Issue Ctrl-C to stop monitoring
drop at: ip6_mc_input+0x8b8/0xef8 (0xffffffffb9468868)
input port ifindex: 4
timestamp: Sun Aug 11 10:21:29 2019 103754403 nsec
protocol: 0x86dd
length: 64
original length: 110
drop at: br_stp_rcv+0x1ac/0x118e (0xffffffffb95d3ecc)
input port ifindex: 4
timestamp: Sun Aug 11 10:21:29 2019 180162751 nsec
protocol: 0x4
length: 64
original length: 119
Linux netlink (cooked header)
Link-layer address type: Netlink (824)
Family: Generic (0x0010)
Linux Generic Netlink protocol
Netlink message header (type: 0x0018)
Length: 180
Family ID: 0x18 (NET_DM)
Flags: 0x0000
.... .... .... ...0 = Request: 0
.... .... .... ..0. = Multipart message: 0
.... .... .... .0.. = Ack: 0
.... .... .... 0... = Echo: 0
.... .... ...0 .... = Dump inconsistent: 0
.... .... ..0. .... = Dump filtered: 0
Sequence: 0
Port ID: 0
Command: Drop alert (packet) (5)
Family Version: 2
Reserved
Linux net_dm (network drop monitor) protocol
Attribute: Drop location (PC): 0xffffffffb9468868
Len: 12
Type: 0x0002, Drop location (PC) (2)
0... .... .... .... = Nested: 0
.0.. .... .... .... = Network byte order: 0
Attribute type: Drop location (PC) (2)
Program counter: 0xffffffffb9468868
Attribute: Drop location (symbol): ip6_mc_input+0x8b8/0xef8
Len: 29
Type: 0x0003, Drop location (symbol) (3)
0... .... .... .... = Nested: 0
.0.. .... .... .... = Network byte order: 0
Attribute type: Drop location (symbol) (3)
Symbol: ip6_mc_input+0x8b8/0xef8
Attribute: Input port
Len: 12
Type: 0x8004, Nested, Input port (4)
1... .... .... .... = Nested: 1
.0.. .... .... .... = Network byte order: 0
Attribute type: Unknown (32772)
Attribute: Net device index: 4
Len: 8
Type: 0x0000, Net device index (0)
0... .... .... .... = Nested: 0
.0.. .... .... .... = Network byte order: 0
Attribute type: Net device index (0)
Port net device index: 4
Attribute: Timestamp
Len: 20
Type: 0x0005, Timestamp (5)
0... .... .... .... = Nested: 0
.0.. .... .... .... = Network byte order: 0
Attribute type: Timestamp (5)
Timestamp: Aug 11, 2019 10:24:05.349513898 IDT
Attribute: Original length: 201
Len: 8
Type: 0x000a, Original length (10)
0... .... .... .... = Nested: 0
.0.. .... .... .... = Network byte order: 0
Attribute type: Original length (10)
Original length: 201
Attribute: Protocol
Len: 6
Type: 0x0006, Protocol (6)
0... .... .... .... = Nested: 0
.0.. .... .... .... = Network byte order: 0
Attribute type: Protocol (6)
Protocol: 0x86dd
Attribute: Payload
Len: 68
Type: 0x0007, Payload (7)
0... .... .... .... = Nested: 0
.0.. .... .... .... = Network byte order: 0
Attribute type: Payload (7)
Ethernet II, Src: ec:0d:9a:c6:09:08, Dst: 33:33:00:01:00:02
Destination: 33:33:00:01:00:02
Address: 33:33:00:01:00:02
.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
.... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast)
Source: ec:0d:9a:c6:09:08
Address: ec:0d:9a:c6:09:08
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IPv6 (0x86dd)
Internet Protocol Version 6, Src: fe80::ee0d:9aff:fec6:908, Dst: ff02::1:2
0110 .... = Version: 6
.... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
.... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
.... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
.... .... .... 1000 1001 1100 1101 0101 = Flow Label: 0x89cd5
Payload Length: 147
[Expert Info (Warning/Protocol): IPv6 payload length exceeds framing length (10 bytes)]
[IPv6 payload length exceeds framing length (10 bytes)]
[Severity level: Warning]
[Group: Protocol]
Next Header: UDP (17)
Hop Limit: 1
Source: fe80::ee0d:9aff:fec6:908
Destination: ff02::1:2
[Source SA MAC: ec:0d:9a:c6:09:08]
User Datagram Protocol, Src Port: 546, Dst Port: 547
Source Port: 546
Destination Port: 547
Length: 147 (bogus, payload length 10)
[Expert Info (Error/Malformed): Bad length value 147 > IP payload length]
[Bad length value 147 > IP payload length]
[Severity level: Error]
[Group: Malformed]
Checksum: 0x7051 [unverified]
[Checksum Status: Unverified]
[Stream index: 1]
[Timestamps]
[Time since first frame: 0.000000000 seconds]
[Time since previous frame: 0.000000000 seconds]