> I see some strange packets in tcpdump, when I use a (linux)kernel compiled with >linux > socket filters. What I noticed is that when i start dumping information with > a filter f.e. <tcpdump host xxx> I get all packets in the first seconds and > after that evering is fine. (Propably the kernel installs the packet filter, > after it starts sending packets to the program).
Are you seeing this with the current CVS version, or 0.7 beta version, of libpcap? It should be fixed in those versions, which attempts to flush all captured packets before installing the kernel filter. - This is the TCPDUMP workers list. It is archived at http://www.tcpdump.org/lists/workers/index.html To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe
