Gianluca Varenni wrote:
BUT..is pcap library able to manage safety multi
process (or maybe multi thread) calls with the same
pcap_t handle in each process ?
No. The pcap_t handle is not guaranteed to be thread-safe. Specifically,
every packet returned by pcap_next (or pcap_next_ex) is valid
Guy Harris wrote:
On Jun 29, 2005, at 3:07 PM, Robert Lowe wrote:
Seems like that kind of functionality might be a good candidate for
inclusion in libpcap itself, no?? There are already functions to
dump to a savefile; why not printable output as well??
How much printable output do you
Guy Harris wrote:
On Jun 29, 2005, at 1:20 PM, Guy Harris wrote:
Use "isprint()" rather than "isascii()" in "print_payload()".
...and, while you're at it, print the payload in hex, as well as ASCII,
to emphasize that there's *no* guarantee that TCP data is text. A
format such as
Sam Pierson wrote:
Sam,
I'm trying to code a lightweight sniffer that picks up individual UDP packets
off the wire from a switch, from the broadcast IP. I'm compiling some code
from
http://www.cet.nau.edu/~mc8/Socket/Tutorials/section2.html
(but I'm running into the same problem with the r
Hi!
Just curious if anyone has tried valgrind with threaded
apps developed with libpcap. Any experiences to share?
TIA,
Robert
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.
Guy Harris wrote:
On Dec 9, 2004, at 1:09 PM, Robert Lowe wrote:
to_ms specifies the read timeout in milliseconds. The read timeout is
used to arrange that the read not necessarily return immediately when
a packet is seen, but that it wait for some amount of time to allow
more packets to arrive
Hi!
Regarding the to_ms argument to pcap_open_live, the pcap manpage says:
--
to_ms specifies the read timeout in milliseconds. The read timeout is
used to arrange that the read not necessarily return immediately when
a packet is seen, but that it wait for some amount of time to allow
more packets
Aman,
But when I assign either eth0 or eth1 is working fine , I am able to
> capture correct packets: But I fail to understand why I am getting
> corrupt packets if "any" or NULL is set (logic is I want to capture
> the packets from all of the interfaces).
The ethernet header is at the link layer;
...
But the problem is when i assign "any" or NULL to the variable "dev" , the program
> is capturing the packets but showing wrong destination address like
00:01:00:01:00:06
> for each of the 20 packets I captured.
I just went through this... look at pcap_datalink(). If it doesn't return
DLT_E
Guy Harris wrote:
This leads me to another question. I've seen recommendations to roll
your
own structs for IP/TCP headers, hinting that there might be slight
differences
in the definitions between platforms. Is this really true?
Yes. For example, if I remember correctly, not all platforms' "
Guy Harris wrote:
On Dec 1, 2004, at 3:31 PM, Robert Lowe wrote:
In testing a small app using libpcap, I noticed differences in
behaviour when
using the loopback interface vs. using a hardware interface. In
particular,
it seems the packets coming in over the loopback interface are still
in
Hi!
In testing a small app using libpcap, I noticed differences in behaviour when
using the loopback interface vs. using a hardware interface. In particular,
it seems the packets coming in over the loopback interface are still in host
byte order (little endian, in this case). Is that typical, or
MMatos wrote:
tcpdump [options] '( ip[12:4] >= 0xc0a8020f ) and ( ip[12:4] <=
0xc0a80228 )'
First of all thanks for the precious help you give me !
I' ve been analysing the scripts and they expand the ranges to all ips
and then work around with the netmasks ..
Indead i like the 2nd way you're s
Jefferson Ogata wrote:
Robert Lowe wrote:
Jefferson Ogata wrote:
tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x47455420
Beautiful! But wouldn't the bit-shift be for 4 bits? Thanks
It would, but then you'd have to multiply by 4 since the offset is in
multiples of 4. So >
Jefferson Ogata wrote:
Robert Lowe wrote:
Anyone have a filter that will capture just HTTP GET requests? I'm
looking for
something more specific than just "dst host X and tcp dst port 80",
but I'm not
worried about requests to non-standard ports. I would suspect I coul
Hi!
Anyone have a filter that will capture just HTTP GET requests? I'm looking for
something more specific than just "dst host X and tcp dst port 80", but I'm not
worried about requests to non-standard ports. I would suspect I could reference
tcp[N:3] = GET, but can N be an expression itself, e.g
16 matches
Mail list logo
