On Thursday 10 July 2008, Guy Harris wrote:
>
> It sounds as if you're not interested in statistics, you're interested
> in the ordinal numbers of packets in the savefile. (Note that, even
> in live captures, ps_recv gives you a count of packets that passed the
> filter on some platforms an
Hello,
I know that it is not possible to use pcap_stats when reading data from a
savefile.
I can count the packets returned by the pcap_next_ex, but if I applied a
filter, this won't tell me the absolute position of the packet in the savefile.
Is there any way around this problem?
Cheers,
Mi
iterature in the document).
It is good to have different methods of sampling available for various
experiments...
Link:
https://openlab-mu-internal.web.cern.ch/openlab-mu-internal/openlab-II_Projects/SamplingReport.pdf
Cheers,
Milosz
--
Milosz Marian Hulboj
http://www.linkedin.com/in/mhulboj
o,
What I meant was to store the captured packets in the blocks of fixed size
(possibly wasting some of the storage space in case of small packets, but
gaining in case one wishes to do random access). So to access packet $n$ I
would have to look at the offset = header + n*block_size.
Cheers,
Milos
ot really random - just the skip counter)
- sFlow like sampling schema (on average 1-out-of-N samples)
And does it have to be done on the printing level? I don't know the details,
but it would make much more sense to apply the 'random filtering' as early
as possible.
Cheers,
Milos
Hello,
I would like to know whether it is possible with the current pcap format to
store the captured packets in the fixed length blocks in the file. I have
briefly looked at the format that is being used to store the pcap files and
I think that currently it is not possible, but I would like to
