There are two simple cases to rule out:
1. The capture was taken using a Napatech or Endace card, which uses its own
clock which may or may not be in sync with the host clock.
2. There's an unexpected local timezone on the machine used to read and
display the packet capture. Is your client
Like many people here, I've used tcpdump (or libpcap) to write data acquisition
gadgets that then report up to some higher tier.
If you wanted to build one without doing all the messy libpcap and socket
calls, you could chain tcpdump, a little awk, and nc (netcat) together. It
wouldn't be inc
- Original Message -
From: "Guy Harris" <[EMAIL PROTECTED]>
To:
Sent: Tuesday, July 12, 2005 3:15 AM
Subject: Re: [tcpdump-workers] FreeBSD 5.4 & PCAP: blocked read() on
pcap_lookupnet()
> Richard Huddleston wrote:
>
> > (gdb) where
> > #0 0x2
FreeBSD 5.4
"Stock" pcaplib
I'm blocking on a read() invoked by pcap_lookupnet():
Program received signal SIGINT, Interrupt.
0x280ee6fb in read () from /lib/libc.so.5
(gdb) where
#0 0x280ee6fb in read () from /lib/libc.so.5
#1 0x28090c57 in pcap_lookupnet () from /usr/lib/libpcap.so.3
#2 0x280
- Original Message -
From: "Guy Harris" <[EMAIL PROTECTED]>
To:
Sent: Monday, July 11, 2005 1:49 PM
Subject: Re: [tcpdump-workers] FreeBSD 5.4 & BIOCSRTIMEOUT &
pcap_open_live()
> Richard Huddleston wrote:
> > Freshly installed FreeBSD 5.4. New user o
Freshly installed FreeBSD 5.4. New user of FreeBSD.
pcap_open_live() fails with a
BIOCSRTIMEOUT: Invalid argument
pcap_open_live( device, BUFSIZ, 1, -1, errbuf )
The 'to_ms' argument is the obvious candidate, since when I change it to a
non-negative value pcap_open_live() initializes fine