On Thu, 24 Mar 2005 02:38:51 -0800 Guy Harris <[EMAIL PROTECTED]> wrote:
Libpcap uses BPF on the BSDs and, by default on AIX. It uses PF_PACKET sockets on Linux (or, on 2.0[.x] kernels, SOCK_PACKET sockets), and other mechanisms on other OSes.
Libpcap has its own BPF filtering mechanism, which it uses if it can't use a kernel filtering mechanism; that might be what that person was thinking of. However, 2.2 and later kernels (or was it introduced in 2.4?) *do* have a kernel filtering mechanism.
So,.. Linux kernel 2.2 and above already used kernel filtering, right?
and there's no BPF in Linux at all, right?
Another question: 'pcap_stats' give two output: Packet Received and Packet Drop.
If I want to measure how many 'packet X' (using filtering) passed in my Router, and i'm using
a sample program like 'tethereal' and report like this:
1000 packets captured
100 packets dropped
So the total 'packet X' passed was 1100 packets, right??
Thanks in advance.
Regards, Fatrisha
========================================================================================
Akses Internet TELKOMNet-Instan beri Diskon s.d. 50 % khusus untuk wilayah Jawa Timur.
Informasi selengkapnya di www.telkomnetinstan.com atau hub 0800-1-INSTAN (467826)
======================================================================================== -
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.
