I am running a local pcap application on a Solaris
host, capturing only packets going to and from a
specific interface. Sometimes I see several
packets coming in, in a row, and then several
packets going out, in a row, from that interface.
I think you are seeing the same problem that I have described in my posting
"Not receiving packets on Solaris, but no problems on Linux and BSD".
I think what we both need is the Solaris/DLPI equivalent to the BSD/BPF
BIOCIMMEDIATE ioctl.
In my situation, I wrote a program (arp-scan) using libpcap on Linux, and it
worked fine. When I ported it to BSD I needed to use the BIOCIMMEDIATE
ioctl to avoid BPF buffering. I'm now porting it to Solaris and am not
receiving packets, so I suspect that I need the appropriate method to avoid
buffering in DLPI.
Roy Hills
_________________________________________________________________
Txt a lot? Get Messenger FREE on your mobile.
https://livemessenger.mobile.uk.msn.com/
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
