Oops... pcap.h moved to pcap/pcap.h since 0.9.5... This patch
properly handles that.
--
Aaron Turner
http://synfin.net/
http://tcpreplay.synfin.net/ - Pcap editing & replay tools for Unix
On 3/20/07, Aaron Turner <[EMAIL PROTECTED]> wrote:
Well here's a quick patch (against CVS:HEAD) implementing
pcap_snapshot_override(). I did a quick test and it solves my
specific problem. If you accept it, let me know if you decide to keep
the function name, so that I can make sure my code is forwards
compatible. If there's anything you don't
On 3/20/07, Guy Harris <[EMAIL PROTECTED]> wrote:
[snip]
> One fix that would work w/o breaking backwards compatibility is to
> emulate Ethereal/Wireshark for pcap_open_offline(). Basically ignore
> the header snaplen, allocate the max size buffer and have
> pcap_snapshot() always return 65535
Aaron Turner wrote:
Not sure I follow the above. What value are you talking about here...
the file snaplen?
Yes.
Not sure what errors you're talking about here.
People should always compare the packet caplen/len to determine if the
packet was truncated, not the file snaplen.
It's not a qu
On 3/20/07, Guy Harris <[EMAIL PROTECTED]> wrote:
Aaron Turner wrote:
> That's an excellent question. The original pcap file is over 3 years
> old, and honestly I don't remember. My guess is that the packets were
> most likely captured using tcpdump using the default snaplen on a
> RedHat Linu
I can't seem to figure out how to print the IP address used by the
system through pcap_lookupdev. How could I display the value of
bpf_u_int32 net in a recognizable IP format? Also, is there a way to
apply multiple filters to packets? Such as I want to capture all IP
packets but I want to tell me w
Aaron Turner wrote:
That's an excellent question. The original pcap file is over 3 years
old, and honestly I don't remember. My guess is that the packets were
most likely captured using tcpdump using the default snaplen on a
RedHat Linux box since that was my main development environment at th
Inline...
On 3/20/07, Guy Harris <[EMAIL PROTECTED]> wrote:
Aaron Turner wrote:
> notice the additional 14 bytes in the wireshark decode: "G SRC='http://"
When you say "same packet", do you mean that you ran "tcpdump -XX" on a
capture file, and ran Wireshark on the same capture file, and got th
I answered 2 of my 3 questions.
For packet delay I have just to see how many microseconds
pass between one packet and its following. Then I have to
calculate the average value of all delays.
For jitter, I have to calculate the difference between one
packet delay and its following, and then I h
Hello,
maybe you know that tcpdump has been back ported to OpenWrt.
I need to measure jitter, packet loss and packet delay on my
access point, but I can't use argus while it's not back
ported. The number of applications I can use is very
limited, and the operation of back porting an application
I can't seem to figure out how to print the IP address used by the
system through pcap_lookupdev. How could I display the value of
bpf_u_int32 net in a recognizable IP format? Also, is there a way to
apply multiple filters to packets? Such as I want to capture all IP
packets but I want to tell me
Aaron Turner wrote:
notice the additional 14 bytes in the wireshark decode: "G SRC='http://"
When you say "same packet", do you mean that you ran "tcpdump -XX" on a
capture file, and ran Wireshark on the same capture file, and got the
"packet dump example from tcpdump -XX" output from tcpdump
12 matches