I modifies res = pcap_dispatch(handle, -1, collect_pkt, (u_char *)pkt_queue); to res = pcap_dispatch(handle, 1, process_pkt, NULL); and tries to process each received packet.
the whole source codes are in capture.tar.gz I run the program on host 192.168.0.106, and open a browser on another host to visit 192.168.0.106:8000 I use tcpdump with the same filter expression as in the capture program to capture the packets (see attachment). there are 16 packets altogether, but the program only capture 10 packets, that is 3 4 5 8 9 10 11 12 13 15 the on_capture event was triggered for 14 times, in order as below: * 3 4 5 * 8 * 9 10 11 12 13 * 15 * means the pcap_dispatch return 0, for the other numbers(3 4 5 8 9 10 11 12 13 15) pcap_dispatch return 1 for the missing 16th packet, it is maybe that I end my program before I close the tcpdump process. so it means my capture program can't capture packet 1 2 6 7 14 why does this happen? why can't my program capture all the packets? On Wed, Oct 14, 2015 at 12:27 AM, Mark Ellzey <[email protected]> wrote: > > > On Tue, Oct 13, 2015 at 3:20 PM, Mark Ellzey <[email protected]> wrote: > >> >> There shouldn't be a difference, technically that is. 1.x differs greatly >> though in functionality, but is backwards compat with 1.x. A few years ago >> I did a 2.x conversion for some very old code: >> https://github.com/ellzey/trafan/blob/master/trafan.c with pcap. >> >> and *many* many years ago I did this which never moved out to 2.x, >> completely 1.0. But it still works with old/new pcap and libevent as seen >> here: >> >> https://strcpy.net/mark/dns_stuff/dns-sla/dnsm.c >> https://strcpy.net/mark/dns_stuff/dns_spoof_watch/dns_spoof_watch.c >> >> >> But mind you, pcap_dispatch with -1 means you may be processing a ton of >> packets, all of which call your pcap callback. >> >> > All of this was done 9-10 years ago; so no mocking! (though it has been > ripped and used for profit by certain individuals today, which I find > amusing since it's such horrible code) > >
port_8000.pcap
Description: application/vnd.tcpdump.pcap
capture.tar.gz
Description: GNU Zip compressed data
