[tcpdump-workers] why the ethernet and ip header of packets, which are captured by libpcap function, are distorted

I used libpcap function pcap_next() to capture some tcp packets I checked the bytes of the captured packets and notice that the ethernet and ip header of packets are distorted, in a mess with a lot 0's but the TCP header is fine what are potential reasons for this?

[tcpdump-workers] Couldn't parse filter scr port 22000: syntax error

Hi, all I used the following filter rules to capture packets, tcpdump -i eth0 src port 22000 it works fine, however, when I used it libpcap functions pcap_compile() and pcap_setfilter() it output an error: Couldn't parse filter scr port 22000: syntax error what is wrong

[tcpdump-workers] libpcap: 64bit machine has no compatible 32-bit libpcap library

I want to compile a `.c` file to 32-bit executable using `gcc` option `-m32` with libpcap the machine is linux 64bit fedora 16 however, I get the following error [root@fdf source]# gcc -m32 -o test_tcp test_tcp.c -lpcap /usr/bin/ld: skipping incompatible /usr/lib64/libpcap.so when searchi

[tcpdump-workers] some questions about libpcap , especially with fork() called

I want to use libpcap to capture some packets in my tcp server program some of the snippets in my program are like: handle = pcap_open_live(dev, BUFSIZ, 0, 0, errbuf); pcap_compile(handle, &fp, filter_exp, 0, mask) == -1 pcap_setfilter(handle, &fp); struct pcap_pk

Re: [tcpdump-workers] some questions about libpcap , especially with fork() called

split the related FIFO queue into multip FIFO queues, each of which corresponds to one tcp connection, and then pcap_next() in each child process just fetch packets from its corresponding sub-FIFO queue? or any other solutions? thanks! 2013/4/8 Guy Harris > > On Apr 7, 2013, at 3:25 PM, w

[tcpdump-workers] (no subject)

handle = pcap_open_live(dev, BUFSIZ, 0, 0, errbuf); pcap_compile(handle, &fp, filter_exp, 0, mask) == -1 pcap_setfilter(handle, &fp); struct pcap_pkthdr pcap_header; // The header that pcap gives us const u_char *pcap_packet; // The actual pack

[tcpdump-workers] parent-child process, selectable file descriptor and pcap

I have a program, part of the source codes are: handle = pcap_open_live(dev, BUFSIZ, 0, 0, errbuf); pcap_compile(handle, &fp, filter_exp, 0, mask) == -1 pcap_setfilter(handle, &fp); struct pcap_pkthdr pcap_header; // The header that pcap gives us const

[tcpdump-workers] libpcap can't capture IP fragments

I want to capture UDP packets which are destined to a local port, the filtering expression is like udp port 2. I notice if there are IP fragmentation on a UDP packet, libpcap can only capture the first IP fragment. I guess the reason is the second IP fragment are not with UDP header (but with I