Hi,
If the packet needs to be captured from the unix socket what must be
the linktype defined in the Pcap. I am writing the packets on to the
unix socket. And want to capture from it.
I am using pcap library for capturing. Pcap does'nt support's unix
sockets.
So I want to add support for unix s
Oh Guy,
I got everything proper, It was definately my part of poor looping :O.
It was not breaking loop and finally device name was skipped to default
lasting "any" :-(
Thanks for yout time,
P.S.
I submitted libpcap-0.9.4-1.i386.rpm but no-one care about it. Can you
tell me if maintainer in
Hello Guy,
Yes when I applied your suggession about 'ts' and made printing of 'ts'
properly then everything is as per expected now.
Only confusion remains is about my pcap_datalink.
... ... ...
char time_format[32];
ctime_r(&header->ts.tv_sec, time_format);
Dear Guy,
I'm opening "eth0" only using pcap_open_live. I found that immediately
after that open, calling pcap_list_datalinks returns me '1' and dlt_buf
contains 'DLT_LINUX_SLL'. If still I forcefully try doing
pcap_set_datalink(pcap_t *p, DLT_EN10MB); I get error "... type
DLT_EN10MB not sup
On Apr 24, 2006, at 3:23 AM, Sumit wrote:
printf("packet time/caplen/len %u %u %u\n", header-
>ts, header->caplen, header->len);
You can't do that. "header->ts" is a structure, and you can't print
a structure with "%u". What that statement actually does is
implementation
On Apr 24, 2006, at 3:23 AM, Sumit wrote:
Main difference is extra 2 bytes at the first of pcaket. Also there
is not having proper destination H/W Addr; i.e. my machine's MAC,
in starting bytes of packet. Do I need to set something or call
some pcap routines?
One thing you need to do, if
Dear All,
Sorry to give you unnecessary reading, I got the clue for my question
regarding unmatched ethernet header. pcap_datalink() returns
DLT_LINUX_SLL which consumes 8 bytes against tcpdump reported 6 bytes.
I still need your guidance for "struct pcap_pkthdr" understanding.
Thanks
Dear All,
Greetings!!!
I used libpcap-0.9.4 to write a simple capture program. This program
calls pcap_next_ex and return with success. While I print data in hex it
is bit different then the same data printed by tcpdump
# tcpdump -vv -e proto UDP and host 203.88.135.214 -XX -n
tcpdum
