Hi, I am running a local pcap application on a Solaris host, capturing only packets going to and from a specific interface. Sometimes I see several packets coming in, in a row, and then several packets going out, in a row, from that interface.
However, I know (from the content of the packets and the request/reply nature of the application sending them) that the packets have not arrived (and were not sent) in such "clusters", but they were originally interleaved. In reality, a request packet comes in, a reply packet goes out, and so the process goes. But libpcap sends them "clustered" - all packets coming in and then all packets going out.
I assume libpcap doesn't change the order of the packets it gets from the kernel, and it is the kernel that "clusters" the packets. Is there any way to force Solaris to send captured packets to libpcap in the same order they were sent/received?
Thank you
--ury
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
