Re: [tcpdump-workers] nanosecond timestamp

Hi! Can I add this structure in pcap.h and get a new magic number so that we can support nanosecond resolution? /* libpcap record header. */ struct pcaprec_hdr { guint32 ts_sec; /* timestamp seconds */ guint32 ts_usec;/* timestamp microseconds */

Re: [tcpdump-workers] nanosecond timestamp

Dumas Hwang wrote: Hi! Can I add this structure in pcap.h and get a new magic number so that we can support nanosecond resolution? /* libpcap record header. */ struct pcaprec_hdr { guint32 ts_sec; /* timestamp seconds */ guint32 ts_usec;/* timestamp microseconds

Re: [tcpdump-workers] nanosecond timestamp

Rick Jones wrote: Are there any issues with having the header not be an 8 byte multiple in size? lots of stuff (iirc) wants four-byte, but I'm not sure about 8 And is there a compelling reason to supply both the microseconds and nanoseconds time stamps in the record header? Yes, libpcap would

[tcpdump-workers] ifconfig sees more packets than tcpdump?

Hello all, I noticed something you might clear up for me. Ifconfig seems to see more packets than tcpdump does. I ran ifconfig eth0 twice, with tcpdump -c 1000 -i eth0 in between. The output is below with ip addresses x-ed out (dividing lines added by me); # ifconfig eth0 tcpdump -c 1000

Re: [tcpdump-workers] nanosecond timestamp

Yes, I can use that structure too. Sorry, I am quite new to this. Is the next step to get the magic number, change Ethereal so that it will recognize the new magic number and submit the patch? Regards, Dumas Hwang So the Navtel header should perhaps be struct pcaprec_navtel_hdr {

Re: [tcpdump-workers] nanosecond timestamp

Dumas Hwang wrote: Yes, I can use that structure too. Sorry, I am quite new to this. Is the next step to get the magic number, change Ethereal so that it will recognize the new magic number and submit the patch? The next step is to change libpcap so that all programs using libpcap can read

Re: [tcpdump-workers] nanosecond timestamp

Can I get a magic number associated with this format? Regards, Dumas Hwang -Original Message- From: Guy Harris [mailto:[EMAIL PROTECTED] Sent: January 6, 2005 4:20 PM To: tcpdump-workers@lists.tcpdump.org Subject: Re: [tcpdump-workers] nanosecond timestamp Dumas Hwang wrote: Yes, I

[tcpdump-workers] Capture packets on high-speed link using libpcap

Hi All, I was trying to capture the packets from the Gbit link (normally 400Mbit/s), the program uses libpcap. The problem is that I was getting lots of dropped packets (up to 25%), The machine I used a 1.4G dual-cpu machine with 1G network card, I don't know why I still got so many dropped

Re: [tcpdump-workers] Capture packets on high-speed link using libpcap

Zhu,Bin wrote: Hi All, I was trying to capture the packets from the Gbit link (normally 400Mbit/s), the program uses libpcap. What normally limits it to 400 Mbit/s? CPU? I/O bus? Is the disc on which the capture is stored connected to an HBA on the same bus as the GbE NIC, and what sort of

[tcpdump-workers] Test data / programs for the BPF machine

Hello, I am currently working on a hardware implementation of the BPF filter machine and I was wondering, if there are any bpf-programs and corresponding packet data to verify that my implementation is correct. So I would be especially interested in bpf programs and corresponding packet data