Re: [tcpdump-workers] Devices and adresses in libpcap

2008-04-13 Thread David Rosal
Thanks Guy. By the way: Have you had a look at libpcap++? The web page is: http://libpcappp.sourceforge.net/ Your opinion would be specially appreciated. Anyway, thanks for the help. Cheers, ~David 2008/4/12, Guy Harris [EMAIL PROTECTED]: David Rosal wrote: As far as I know, each

Re: [tcpdump-workers] Devices and adresses in libpcap

2008-04-13 Thread David Rosal
2008/4/13, Giovanni Venturi [EMAIL PROTECTED]: You should add on the website what libpcap++ has in addition to libpcap in details, Giovanni Well, libpcap++ is only a wrapper, and it does not add any new feature to libpcap, except maybe the abbility to retrieve some attributes of pcap

[tcpdump-workers] Devices and adresses in libpcap

2008-04-12 Thread David Rosal
Hello. Let me present myself: I am David Rosal, from Barcelona. I have written a C++ wrapper for libpcap, called libpcap++. I have implemented almost all pcap functions in the library, and now I am trying to implement pcap_lookupnet(). But after reading the pcap man page carefully, there's

Re: [tcpdump-workers] regarding offset IP packet

2006-07-14 Thread David Rosal
[EMAIL PROTECTED] wrote: Hi guys, I am trying to print offset value for IP packet through this code. printf(%d|,ippkt-ip_off); I am not getting the right value, what's missing. ip_off is an u_short, so byte order issues apply. Try this: printf(%d|, ntohs(ippkt-ip_off));

Re: [tcpdump-workers] pcap_loop() not returning after

2006-06-27 Thread David Rosal
Richard Hansen wrote: If pcap_breakloop() is called in a signal handler, and the signal in question isn't set up to restart system calls, that should let the loop terminate cleanly. If it's not called in a signal handler, i.e. if there's no signal that was delivered to the process, that

[tcpdump-workers] Problems with libpcap and C++

2006-06-14 Thread David Rosal
Hello. I'm writing a packet sniffer in C++ using libpcap-0.9.4. I've tried to use a class function member as a callback for pcap_loop(), but the compiler complains that arguments don't match. The code is something like this (I have simplified it): 8- class X {

Re: [tcpdump-workers] Problems with libpcap and C++

2006-06-14 Thread David Rosal
Ury Segal wrote: The buttom of the problem is this: You excpect libpcap to call X::dumper in the context of an instance of class X. (The real first parameter of X::dumper is a variable named this of the type X*.) But the libpcap API is not defining a `void (X::)(u_char*, const

Re: [tcpdump-workers] packet dropping on solaris

2006-05-29 Thread David Rosal
Hello. Michele Sciuto wrote: Hello Jonathan, we are working at the same topic on a Linux Debian system. I suggest that you adjust the following kernel parameters in order to improve the number of packets captured (I don't know the equivalence in Solaris...). /proc/sys/net/core/rmem_default

[tcpdump-workers] Changing the savefiles produces packet loss

2006-04-03 Thread David Rosal
Hello. I've been capturing heavy traffic with tcpdump. No packets are dropped except when the savefiles are rotated. I know that because I use a modified version of tcpdump-3.9.4 that prints statistics every minute. My question is, is it normal to loose packets when closing and opening the

Re: [tcpdump-workers] Changing the savefiles produces packet loss

2006-04-03 Thread David Rosal
David Rosal wrote: Hello. I've been capturing heavy traffic with tcpdump. No packets are dropped except when the savefiles are rotated. I know that because I use a modified version of tcpdump-3.9.4 that prints statistics every minute. My question is, is it normal to loose packets when

[tcpdump-workers] Packet loss while rotating the savefiles

2005-12-23 Thread David Rosal
Hello. I am monitoring a high speed link with tcpdump, using savefiles of 2GB and rotating them, and I'm having about a 1% of packet loss. I just wanted to know if the save file rotation can produce packet loss, or if they are all dropped by the kernel. In other words: May the packet loss

Re: [tcpdump-workers] Paquets smaller than 64 bytes

2005-11-23 Thread David Rosal
Gianluca Varenni wrote: The minimum ethernet frame length is 64 bytes *if* you include the FCS. Unfortunately, most of the network cards strip the FCS before the packet reaches the host, so the actual minimum frame length that you see with libpcap is actually 60 bytes. Hope it helps Yes

[tcpdump-workers] Missing libpcap.so

2005-08-25 Thread David Rosal
Hello. I'm trying to use an application that needs to be linked dinamically against libpcap, so it needs libpacp.so to be installed. I've downloaded libpcap-0.9.3 and installed it, but it only provides the static library libpcap.a. I've tried also adding --enable-shared to configure but it

[tcpdump-workers] Does option -w influence the packet capture?

2005-05-06 Thread David Rosal
Hi. I'm using tcpdump-3.7.2 to capture ethernet traffic, and I'm wondering why it captures much less packets when I use option -w. I have done the following test: I've run tcpdump -s0 many times for 10 seconds each time, and the average result is to capture about 100 packets. I've run tcpdump