> the normal flow of traffic is a separate path from the libpcap flow, and
> packets get supplied to both of them.
> For example, if you run tcpdump, it doesn't shut off the TCP/IP
> implementation on your machine; a *copy* of packets (in effect) is passed to
> tcpdump to print or save, another copy is processed by the TCP/IP stack.

Many thanks for pointing out this very important point. I thought that there was only one traffic stream (i.e. the normal flow).

But if I want to modify the packets in the normal flow, let's say manipulate their MAC address, how do I go about it? Do you have any clue how I can interact directly with the normal flow? I've heard about the Libnet library. Can it do it?

Regards,
Visham