tcpdump mailing list archives

Previous By Date Next
Previous By Thread Next

Re: pcap_next_ex: Packet Data

From: Sumit <sumit () elitecore com>
Date: Tue, 25 Apr 2006 10:28:18 +0530
Dear Guy,
I'm opening "eth0" only using pcap_open_live. I found that immediately after that open, calling pcap_list_datalinks returns me '1' and dlt_buf contains 'DLT_LINUX_SLL'. If still I forcefully try doing pcap_set_datalink(pcap_t *p, DLT_EN10MB); I get error "... type DLT_EN10MB not supported...".
Now looking to your second guideline about 'caplen' and 'len'. I'm fine that 'ts' is structure, moreover 'ts' is not my concern, I'm anxious to know about the values contained into caplen and len. 

Thanks for responce,

Guy Harris wrote:
>
> On Apr 24, 2006, at 3:23 AM, Sumit wrote:
>
>>                 printf("packet time/caplen/len %u %u %u\n", header-
>> >ts, header->caplen, header->len);
>
>
> You can't do that.  "header->ts" is a structure, and you can't print  a
> structure with "%u".  What that statement actually does is
> implementation-dependent, but one thing it's unlikely to do is
> correctly print the value of header->caplen or header->len.
>
> If you want to print the two values from the time stamp, you could do
>
>     printf("packet time/caplen/len %d/%d %u %u\n", header->ts.tv_sec,
> header->ts.tv_usec, header->caplen, header->len);

Guy Harris wrote:


On Apr 24, 2006, at 3:23 AM, Sumit wrote:
Main difference is extra 2 bytes at the first of pcaket. Also there is not having proper destination H/W Addr; i.e. my machine's MAC, in starting bytes of packet. Do I need to set something or call some pcap routines?
One thing you need to do, if you want Ethernet headers on your packets, is capture on a device that's not the "any" device. You do *NOT* get Ethernet headers from capturing on the "any" device. You'd need to open "eth0" to capture on the eth0 adapter. 
--
 _____     __    __    ____   ____    __    ______
/\  ___\  /\  \ /\  \ /\  \ \/ /\  \ /\  \ /\__   _\
\ \ ____\ \ \  \\_|  \\ \  \_ /\ \  \\ \  \\__ \  \/
 \//\___ \ \ \______ / \ \__\   \ \__\\ \__\  \ \__\
  \/_____/  \/_____ /   \/__/    \/__/ \/__/   \/__/

-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.
Previous By Date Next
Previous By Thread Next

Current thread: