Perhaps, the man page says:
The gethrtime() function returns the current high-resolution
real time. Time is expressed as nanoseconds since some arbi-
trary time in the past; it is not correlated in any way to
the time of day, and thus is not subject to resetting or
dr
...the time stamps you get out of libpcap might have
nanosecond *precision* but they might not have nanosecond *accuracy*) -
So what am I trying to say here? Unless you have hardware timestamps
in captured packets, one software timestamp is as good as the next in
a well written application.
If
On Dec 9, 2004, at 3:23 PM, Darren Reed wrote:
So what am I trying to say here? Unless you have hardware timestamps
in captured packets, one software timestamp is as good as the next in
a well written application.
...or as bad as the next.
If you want absolute time stamps, nanosecond resolution wi
Guy Harris wrote:
On Dec 9, 2004, at 1:09 PM, Robert Lowe wrote:
to_ms specifies the read timeout in milliseconds. The read timeout is
used to arrange that the read not necessarily return immediately when
a packet is seen, but that it wait for some amount of time to allow
more packets to arrive and
In some email I received from Guy Harris, sie wrote:
>
> On Dec 9, 2004, at 2:08 PM, Darren Reed wrote:
>
> > In some email I received from Guy Harris, sie wrote:
> >> BTW, where are you getting the nanosecond-resolution time stamps in
> >> Solaris?
> >
> > gethrtime
>
> That says what the high-
On Dec 9, 2004, at 2:08 PM, Darren Reed wrote:
In some email I received from Guy Harris, sie wrote:
BTW, where are you getting the nanosecond-resolution time stamps in
Solaris?
gethrtime
That says what the high-resolution time counter's value is now, not
what the value was when bufmod saw the pack
In some email I received from rick jones, sie wrote:
> >> BTW, where are you getting the nanosecond-resolution time stamps in
> >> Solaris?
> >
> > gethrtime
>
> there is such a thing in some of the other OSes as well - netperf will
> use it for -DHISTOGRAM because it typically is lower overhead.
BTW, where are you getting the nanosecond-resolution time stamps in
Solaris?
gethrtime
there is such a thing in some of the other OSes as well - netperf will
use it for -DHISTOGRAM because it typically is lower overhead.
however, my recollection of the manpages is that it is only good for
relati
On Dec 9, 2004, at 1:09 PM, Robert Lowe wrote:
to_ms specifies the read timeout in milliseconds. The read timeout is
used to arrange that the read not necessarily return immediately when
a packet is seen, but that it wait for some amount of time to allow
more packets to arrive and to read multiple
In some email I received from Guy Harris, sie wrote:
>
> On Dec 9, 2004, at 12:48 PM, Dumas Hwang wrote:
>
> > I would like to get nanosecond resolution on Solaris in
> > libpcap.
>
> BTW, where are you getting the nanosecond-resolution time stamps in
> Solaris?
gethrtime
-
This i
On Dec 9, 2004, at 12:48 PM, Dumas Hwang wrote:
I would like to get nanosecond resolution on Solaris in
libpcap.
BTW, where are you getting the nanosecond-resolution time stamps in
Solaris?
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.
On Dec 9, 2004, at 12:48 PM, Dumas Hwang wrote:
I would like to get nanosecond resolution on Solaris in
libpcap. What's the best way to go about it? I suppose it's not a
good
idea to change struct timeval ts in pkthdr to timespec.
That would be an amazingly bad idea (and it was an am
Hi!
Regarding the to_ms argument to pcap_open_live, the pcap manpage says:
--
to_ms specifies the read timeout in milliseconds. The read timeout is
used to arrange that the read not necessarily return immediately when
a packet is seen, but that it wait for some amount of time to allow
more packets
Hi!
I would like to get nanosecond resolution on Solaris in
libpcap. What's the best way to go about it? I suppose it's not a good
idea to change struct timeval ts in pkthdr to timespec. Should I add a
new struct and request a new magic number? I would think many people
need nanose
aman Reddy wrote:
But when I assign either eth0 or eth1 is working fine , I am able to capture
correct
packets: But I fail to understand why I am getting corrupt packets if "any" or
NULL is set
You're *not* getting corrupt packets.
You're getting packets that don't have an Ethernet header on them
Dumas Hwang wrote:
I would like to request two new link layer types for Generic
Framing Procedure (DLT_GFP_T and DLT_GFP_F). Thank you.
OK, DLT_GPF_T is 170 and DLT_GPF_F is 171.
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.
Hi again,
Any will return a header of type DLT_LINUX_SLL.
It's defined here: (From the man page)
---
DLT_LINUX_SLL
Linux "cooked" capture encapsulation; the link layer header
contains, in order:
a 2-byte "packet type", in network byte order, which is
Hi!
I would like to request two new link layer types for Generic
Framing Procedure (DLT_GFP_T and DLT_GFP_F). Thank you.
Regards,
Dumas Hwang
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.
Hi Peter,
But one thing I didn`t understand is If I keep "any" as the first argument to
the pcap_open_live() then it will capture packets coming from the devices like
etho or eth1 which are ethernet type.
U mean if I capture packet using eth0 interface then I will get ethernet link
layer
Hi Robert,
So nice of u for replying. As I am novice to this field, please can u guide me
where I can get the information related to write extra logic in my program to
deal with each possible link layer.
Please give me the starting step.
with regards,
Aman.
If you do a man on pcap you'll get the information. Look for
DLT_LINUX_SLL, that's the type of header the ANY device is giving you.
If you don't have the man page locally, then it's here:
http://www.tcpdump.org/pcap3_man.html
- Pete
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EM
Aman,
But when I assign either eth0 or eth1 is working fine , I am able to
> capture correct packets: But I fail to understand why I am getting
> corrupt packets if "any" or NULL is set (logic is I want to capture
> the packets from all of the interfaces).
The ethernet header is at the link layer;
Hi All,
Does anyone know any books on pcap and implementation of each and every
function in the library. please provide some free links avaiable in the
internet for the tutorial in capturing packet using pcap library.
Aman.
-
Do you Yahoo!?
hi,
can u tell me where can i get the information for any device. providing links
will be appreciated.
Aman.
-
Do you Yahoo!?
Yahoo! Mail - Helps protect you from nasty viruses.-
This is the tcpdump-workers list.
Visit https://lists.sandelman
Hi Robert Lowe,
But when I assign either eth0 or eth1 is working fine , I am able to capture
correct packets: But I fail to understand why I am getting corrupt packets if
"any" or NULL is set (logic is I want to capture the packets from all of the
interfaces).
Please explain to me briefly wh
There is a different header for the "any" device (DLT_LINUX_SLL), it
looks like this:
2-byte packet type
2-byte field, containing a Linux ARPHRD_value for the link layer device
type;
2-byte field, containing the length of the link layer address of the
sender of the packet
8-byte field containi
...
But the problem is when i assign "any" or NULL to the variable "dev" , the program
> is capturing the packets but showing wrong destination address like
00:01:00:01:00:06
> for each of the 20 packets I captured.
I just went through this... look at pcap_datalink(). If it doesn't return
DLT_E
Hi all,
I have written a small program to capture 20 packets using pcap library. It
is working fine if I captured packets from interface eth0 or eth1 by assigning
either of these to variable "dev" used in the program below as the first
parameter to pcap_open_live(). The output of the program
28 matches
Mail list logo
