On 03/17/10 18:45, Guy Harris wrote:
On Mar 17, 2010, at 10:54 AM, Jim Lloyd wrote:
I've done some experimentation and determined that apparently I
must call pcap_activate before calling pcap_setfilter.
Yes.
That is counter intuitive, so I wonder if it is by design or not.
It may change
On Thu, Mar 18, 2010 at 7:33 AM, Eloy Paris pe...@chapus.net wrote:
On 03/17/10 18:45, Guy Harris wrote:
On Mar 17, 2010, at 10:54 AM, Jim Lloyd wrote:
I've done some experimentation and determined that apparently I
must call pcap_activate before calling pcap_setfilter.
Yes.
That is
On 03/18/10 11:02, Jim Lloyd wrote:
See 'man pcap' and 'man pcap_create'. You don't need pcap_activate() if you
use pcap_open_live().
Ah, I see. I found this gem at the end of the pcap man page (for libpcap
1.0.0):
pcap_create() and pcap_activate() were not available in versions of
libpcap
On Mar 18, 2010, at 8:02 AM, Jim Lloyd wrote:
Perhaps someone can clarify this point for me. When is filtering done?
If the packet capture mechanism supports BPF packet filtering in the kernel
(and the filter isn't too complicated to fit in the kernel or otherwise
incapable of being handled
On Mar 18, 2010, at 8:20 AM, Eloy Paris wrote:
pcap_create() and pcap_activate() were not available in versions of
libpcap prior to 1.0; if you are writing an application that must work on
versions of libpcap prior to 1.0, either use pcap_open_live() to get a handle
for a live capture or,
