On Mar 15, 2005, at 3:49 AM, Luis Monge wrote:
I noticed that the number of packets received in the struct pcap_stats
and the number in my global counter is different.
Why does this happen?
Because, on at lest some platforms, the "number of packets received"
that pcap_stats() supplies is the numb
I'm using libpcap for the first time (using C) and I have:
-> live capture
-> callback function to process the packet
-> in the callback function, I use a global variable that increments
each time I process a packet
-> function to print statistics
I noticed that the number of packets received in t
On May 21, 2004, at 7:26 AM, [EMAIL PROTECTED] wrote:
The way I see it in snort's implementation of the statistics it's doing
ps_drop/(ps_recv + ps_drop). So I believe that part is accurate.
As far as I can tell, that'd be *wrong* on BSDs and Linux 2.4 and later.
The BPF in the BSDs I've looked at
On Fri, May 21, 2004 at 02:06:57AM -0700, Guy Harris wrote:
> The DLPI code should *probably* add the dropped-packet count to the
> packets-received count, so as to reduce the differences between
> statistics (although it doesn't eliminate them - the right long-term fix
> is probably to introduce a
On Wed, May 19, 2004 at 03:54:48PM -0400, [EMAIL PROTECTED] wrote:
> I recently compiled snort 2.1.3rc1 with libpcap 0.8.3 on Solaris 8 which
> uses libpcap to report statistics among other things.
> Before that I was running snort 2.1.1 with libpcap 0.7.2.
> Whereas before I used to see 0% pack
-BEGIN PGP SIGNED MESSAGE-
> "Gary" == Gary Portnoy <[EMAIL PROTECTED]> writes:
Gary> ../libpcap-0.8.3/pcap-dlpi.c: p->md.stat.ps_drop = sbp-> sbh_drops;
Gary> ../libpcap-0.7.2/pcap-dlpi.c: p->md.stat.ps_drop += sbp->
sbh_drops;
static int
pcap_stats_dlpi
I recently compiled snort 2.1.3rc1 with libpcap 0.8.3 on Solaris 8 which
uses libpcap to report statistics among other things.
Before that I was running snort 2.1.1 with libpcap 0.7.2.
Whereas before I used to see 0% packets dropped as reported by Snort and
be happy, new version of snort sudden
Hi Gary,
Could you let me know what you find out about this? I'm a lead
developer on Snort and just wanted to be aware of any of the problems
you are encountering with libpcap.
Thanks,
Dan
On Wed, 2004-05-19 at 15:54, [EMAIL PROTECTED] wrote:
> I recently compiled snort 2.1.3rc1 with libpcap 0.
