Re: [tcpdump-workers] Adding SHA1 signature to packets?

2007-12-12 Thread Andy Howell
Something that I've done (although our version of duplicate suppression, written by a co-worker, just does header compares) is to use high-entropy bytes in the packet structure to quickly eliminate the possibility of duplicates, e.g. IP/TCP/UDP checksums, and if your network card/OS provide i

Re: [tcpdump-workers] New DLT_ value request

2007-12-12 Thread Guy Harris
Will Barker wrote: So either approach should be OK - the latter being a bit more flexible. Is there no general preference in this regard? Or (non-formalised?) standard approach generally adopted now in the libpcap/wireshark world? There is no standard approach, nor any generally-adopted approa

Re: [tcpdump-workers] [PATCH] enable memory mapped access to ethernet

2007-12-12 Thread Gianluca Varenni
- Original Message - From: "Alexander Dupuy" <[EMAIL PROTECTED]> To: "tcpdump-workers" Sent: Wednesday, December 12, 2007 7:52 AM Subject: Re: [tcpdump-workers] [PATCH] enable memory mapped access to ethernet Gianluca Varenni wrote: Having a function that returns success but then

Re: [tcpdump-workers] Adding SHA1 signature to packets?

2007-12-12 Thread Alexander Dupuy
Andy Howell wrote: In my application I needed to detect the duplicate packets that some Cisco Cat6000 (?) switches send on a spanning port. I tried various hashes like SHA1, MD4/5, but they were too CPU-intensive. I ended up using a simple checksum. I only look at the last 4 packets in determinin

Re: [tcpdump-workers] [PATCH] enable memory mapped access to ethernet

2007-12-12 Thread Alexander Dupuy
Gianluca Varenni wrote: Having a function that returns success but then spits out a human only readable warning string in a parameter called "errbuf" and not "warnbuf" (also considering that there's an errbuf in the pcap_t structure that can be retrieved with pcap_geterror() or similar) is not th

Re: [tcpdump-workers] New DLT_ value request

2007-12-12 Thread Will Barker
Is this request OK/in the queue? When should I expect it to have been completed? Thanks Will -Original Message- From: Will Barker [mailto:[EMAIL PROTECTED] Sent: 30 November 2007 09:57 To: 'tcpdump-workers@lists.tcpdump.org' Subject: RE: [tcpdump-workers] New DLT_ value request > ...s