> How are the following fields specified in PCAP v2.4 ?
>
> PCAP->sigfigs (timestamp accuracy? What scale ? in comparison to what ?)
How about "hardwired to 0"? Perhaps, at one point in time, libpcap
bothered to set "sigfigs" to a value other than 0, but it doesn't do so
now.
> PCAP->snaplen (max length of saved portion of each packet? What does that
> mean ? Indefinite size = 0 ? )
No, indefinite size = not fully supported; the BPF "machine language"
requires that a program return a non-zero snapshot length value to
indicate that the packet matched the filter - returning a zero value
means that the packet didn't match the filter, and should be rejected.
If you want to indicate that the size of the packet with the most packet
data saved in the file is unknown, use a large number, e.g. 65535.
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe
