Hi.
I'm using tcpdump-3.7.2 to capture ethernet traffic, and I'm wondering
why it captures much less packets when I use option -w.
I have done the following test:
I've run tcpdump -s0 many times for 10 seconds each time, and the
average result is to capture about 100 packets.
I've run tcpdump
Hello.
I'm trying to use an application that needs to be linked dinamically
against libpcap, so it needs libpacp.so to be installed.
I've downloaded libpcap-0.9.3 and installed it, but it only provides the
static library libpcap.a. I've tried also adding --enable-shared to
configure but it
Gianluca Varenni wrote:
The minimum ethernet frame length is 64 bytes *if* you include the FCS.
Unfortunately, most of the network cards strip the FCS before the packet
reaches the host, so the actual minimum frame length that you see with
libpcap is actually 60 bytes.
Hope it helps
Yes
Hello.
I've been capturing heavy traffic with tcpdump.
No packets are dropped except when the savefiles are rotated. I know
that because I use a modified version of tcpdump-3.9.4 that prints
statistics every minute.
My question is, is it normal to loose packets when closing and opening
the
David Rosal wrote:
Hello.
I've been capturing heavy traffic with tcpdump.
No packets are dropped except when the savefiles are rotated. I know
that because I use a modified version of tcpdump-3.9.4 that prints
statistics every minute.
My question is, is it normal to loose packets when
Hello.
Michele Sciuto wrote:
Hello Jonathan,
we are working at the same topic on a Linux Debian system.
I suggest that you adjust the following kernel parameters in order to
improve the number of packets captured (I don't know the equivalence in
Solaris...).
/proc/sys/net/core/rmem_default
Hello.
I'm writing a packet sniffer in C++ using libpcap-0.9.4.
I've tried to use a class function member as a callback for
pcap_loop(), but the compiler complains that arguments don't
match. The code is something like this (I have simplified it):
8-
class X
{
Ury Segal wrote:
The buttom of the problem is this:
You excpect libpcap to call X::dumper in
the context of an instance of class X.
(The real first parameter of X::dumper
is a variable named this of the type X*.)
But the libpcap API is not defining a
`void (X::)(u_char*, const
Richard Hansen wrote:
If pcap_breakloop() is called in a signal handler, and the signal in
question isn't set up to restart system calls, that should
let the loop terminate cleanly. If it's not called in a signal
handler, i.e. if there's no signal that was delivered to the process,
that
[EMAIL PROTECTED] wrote:
Hi guys,
I am trying to print offset value for IP packet through this code.
printf(%d|,ippkt-ip_off);
I am not getting the right value, what's missing.
ip_off is an u_short, so byte order issues apply. Try this:
printf(%d|, ntohs(ippkt-ip_off));
Hello.
Let me present myself: I am David Rosal, from Barcelona.
I have written a C++ wrapper for libpcap, called libpcap++.
I have implemented almost all pcap functions in the library, and now I am
trying to implement pcap_lookupnet(). But after reading the pcap man page
carefully, there's
Thanks Guy.
By the way: Have you had a look at libpcap++?
The web page is: http://libpcappp.sourceforge.net/
Your opinion would be specially appreciated.
Anyway, thanks for the help.
Cheers,
~David
2008/4/12, Guy Harris [EMAIL PROTECTED]:
David Rosal wrote:
As far as I know, each
2008/4/13, Giovanni Venturi [EMAIL PROTECTED]:
You should add on the website what libpcap++ has in addition to libpcap in
details,
Giovanni
Well, libpcap++ is only a wrapper, and it does not add any new feature to
libpcap, except maybe the abbility to retrieve some attributes of pcap
13 matches
Mail list logo