Hi How would I go about increasing the buffer size on FreeBSD? I've read lots about it but I'm not quite sure how you do it.
Do I have to change the pcap source and recompile. If so... how do I do this please? Thanks in advance Regards Justin ----- Original Message ----- From: <[EMAIL PROTECTED]> To: "Guy Harris" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]>; "Michael Richardson" <[EMAIL PROTECTED]> Sent: Friday, September 12, 2003 10:11 AM Subject: Re: [tcpdump-workers] Output goes weird! > Hi > > > > > > The non-printable characters problem is fixed. > > > I fixed it by setting the snaplen to 2048. > > > > That's not a fix, that just hides the problem - your program should, > > for safety's sake, check the "caplen" field of the pcap_pkthdr > > structure, and not look at any bytes past that length. (Yes, if you're > > capturing on a network where packets are never > 2048 bytes, you > > *should* be safe - but, just in case the packet is somehow malformed, > > you should *still* do that check.) > > > > I see - Ok... I will add this check (or at least write about it :o)) > > > > The packet dropping is a separate problem. > > > I used TCPDUMP to tell me wether packets were being dropped... > > > at the end where it gives number received and number dropped by kernel. > > > > > > Are you using a packet filter expression when capturing? I.e., does > > your program do a "pcap_compile()" and a "pcap_setfilter()"? > > > > Yes I'm applying a filter with pcap_compile() and then pcap_setfilter(). > > Justin > - > This is the TCPDUMP workers list. It is archived at > http://www.tcpdump.org/lists/workers/index.html > To unsubscribe use mailto:[EMAIL PROTECTED] > - This is the TCPDUMP workers list. It is archived at http://www.tcpdump.org/lists/workers/index.html To unsubscribe use mailto:[EMAIL PROTECTED]
