-blocking mode to 0, expecting
the call to pcap_dispatch to hang when packets are not
collected. But instead, I can see many printouts (Read 0 packets)
which indicate that the pcap_dispatch has exited when no
packets are dispatched. So, is the non-blocking mode bugged, or
am I understanding the mod
Guy Harris alum.mit.edu> writes:
> Can you cut your application down to the smallest code
> snippet that shows the problem, and send that to me?
I managed to extrapolate the core. It's a little messy because
of the many tests I made recently and the 80-chars line
limitation, but it show the o
ould see that tcpdump
is not performing any ioctl() call (nor any select() call). That still
puzzles me, as tcpdump works perfecly.
Thanks for the kind support,
Marco
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
Carter Bullard qosient.com> writes:
>
> Hey Marco,
> This may help you if you are not doing it. It seemed to help me on
> Snow Leopard.
Carter, thank you so much! It works nicely with this addition. I understand
that
BIOCIMMEDIATE changes the behaviour and avoids bufferi
commands
I can see "ps_recv" increase rapidly.
Now, I don't know what "received" means (in userland? in kernel
buffer?), but maybe you do :)
Thanks,
Marco
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
Guy Harris alum.mit.edu> writes:
> > some printout I could add before calling pcap_dispatch to see what's in the
> > kernel buffer and what in the userland buffer?
>
> Yes, but you'd have to add it to libpcap.
>
> >> Is your program built as a 32-bit program or a 64-bit program?
> >
To summa
p, then I should be able to
capture using the same filter. I just cannot understand what my code (posted
earlier) is doing differently from tcpdump.
Thanks for the support
Marco
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
he O.S.) worked
fine, and also the one I downloaded and recompiled. I recompiled it just to be
sure that they didn't do some "trick" to make it work.
Maybe I just don't trust the Authority :)
Regards,
Marco
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
that they didn't do some "trick" to
make it work.
Maybe I just don't trust the Authority :)
Regards,
Marco
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
t; error <"<");
RAISE_EXCEPTION_WITH_MSG(PacketCaptureSessionException, error);
}
...
Any idea that could point me in resolving the issue? Have you ever seen this
behaviour before? The application works fine with all other O.S. which run
older pcap versions. I recompiled tcpdump 4.0.0 on my machine, and it works!
Therefore I shall be able to capture correctly.
Best regards,
Marco
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
> And now my question is:
> can tcpdump extract payloads from packets, or it just extracting headers?
No, tcpdump by itself can't. But that's what tcpflow does.
Regards,
Marco.
-
This is the tcpdump-workers list.
Visit https://cod.
e/tcpflow/
Regards,
Marco.
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
ket>' should do it...
--
Regards,
Marco.
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.
13 matches
Mail list logo
