Hi all,
I have created a dump file by using the command "tcpdump -i eth0 -s 0 -w xx.dump".
When I try to read each packet from "xx.dump" by using pcap_next, I am always finding the pcap header having a "len" member value of "60" when I read a packet which actually does not contain any data (for example ack, fin packets). What can be the reason for this? Did my "tcpdump" command create a dump file having pcap headers with the "len" member as 60 for the zero data size packets? If so, can anybody suggest proper options to give to tcpdump?
But I hope "tcpdump" is not the reason for this, because I have written a program which rewrites packets from "xx.dump" to "yy.dump" with the same pcap headers but having the correct "len" member value. Still, when I try to read packets from "yy.dump", the above problem persists, i.e., I am getting pcap headers with a "len" value of 60 for zero data size packets. So my suspicion is that the pcap_next function, which we use for reading packets from the file, is generating pcap headers in this fashion.
Please clarify this for me. Any suggestion on this will be highly appreciated.


Thanks in advance,
K. Anantha Kiran

-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.
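
An added example, not part of the original post: Ethernet frames have a 60-byte minimum on the wire (excluding the FCS), so a 54-byte bare ACK or FIN is zero-padded and the pcap record "len" counts that padding. The sketch below reads a savefile's records directly and derives the TCP payload size from the IP total length instead of "len". It assumes a little-endian microsecond pcap with Ethernet link type and IPv4; the frames and helper names are constructed for illustration.

```python
import struct

def build_frame(payload: bytes) -> bytes:
    """Constructed Ethernet/IPv4/TCP ACK frame, zero-padded to 60 bytes."""
    eth = bytes(12) + struct.pack("!H", 0x0800)
    total_len = 20 + 20 + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, 6, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    tcp = struct.pack("!HHIIBBHHH", 1234, 80, 0, 0, 5 << 4, 0x10, 65535, 0, 0)
    return (eth + ip + tcp + payload).ljust(60, b"\x00")

def build_pcap(frames) -> bytes:
    """Constructed savefile: 24-byte global header plus one record per frame."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

def analyse(pcap: bytes):
    """Return (len, ip_total_len, tcp_payload, padding) per IPv4/TCP record."""
    magic, linktype = struct.unpack_from("<I", pcap, 0)[0], struct.unpack_from("<I", pcap, 20)[0]
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("expected little-endian pcap with Ethernet link type")
    off, rows = 24, []
    while off + 16 <= len(pcap):
        _, _, caplen, wirelen = struct.unpack_from("<IIII", pcap, off)
        pkt = pcap[off + 16: off + 16 + caplen]
        off += 16 + caplen
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00":
            continue  # not IPv4, or truncated capture
        ihl = (pkt[14] & 0x0F) * 4
        ip_total = struct.unpack_from("!H", pkt, 16)[0]
        if pkt[23] != 6 or len(pkt) < 14 + ihl + 20:
            continue  # not TCP, or TCP header not captured
        doff = (pkt[14 + ihl + 12] >> 4) * 4
        # Payload comes from the IP header; the remainder of "len" is padding.
        payload, padding = ip_total - ihl - doff, wirelen - 14 - ip_total
        rows.append((wirelen, ip_total, payload, padding))
    return rows

SAMPLE = build_pcap([build_frame(b""), build_frame(b"A" * 10)])

if __name__ == "__main__":
    for row in analyse(SAMPLE):
        print("len=%d ip_total=%d tcp_payload=%d padding=%d" % row)
```
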
