tcpdump mailing list archives
live capture Ethernet gives me zero-packets
From: Andrej van der Zee <andrejvanderzee () gmail com>
Date: Mon, 4 Apr 2011 15:38:28 +0900
Hi,
I am trying to get started with a live capture using libpcap. Somehow I
cannot get the contents of a packet. It seems that all bytes are zeroed.
Here is the source code:
#include <pcap.h>
#include <stdio.h>
#include <stdlib.h>
void callback(u_char * user, const struct pcap_pkthdr* pkthdr, const u_char
* pkt)
{
fprintf(stdout, "caplen=%d, pkt[12]=%d, pkt[13]=%d\n", pkthdr->caplen,
pkt[12], pkt[13]);
}
int main(int argc,char **argv)
{
char errbuf[PCAP_ERRBUF_SIZE];
pcap_t * pd;
if(NULL == (pd = pcap_open_live("any", BUFSIZ, 1, 0, errbuf)))
{
printf("pcap_open_live(): %s\n", errbuf);
exit(1);
}
pcap_loop(pd, -1, callback, NULL);
return 0;
}
Output is like this:
caplen=1416, pkt[12]=0, pkt[13]=0
caplen=56, pkt[12]=0, pkt[13]=0
caplen=1416, pkt[12]=0, pkt[13]=0
caplen=1416, pkt[12]=0, pkt[13]=0
.... etc ....
I am running Ubuntu Maverick 64bit with kernel 2.6.35-28-generic. Note that
reading from a savefile works just fine, so my guess it has something to do
with memory mapping between kernel and user space.
Thank you,
Andrej
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
Current thread:
- live capture Ethernet gives me zero-packets Andrej van der Zee (Apr 03)
- Re: live capture Ethernet gives me zero-packets Guy Harris (Apr 04)
- Re: live capture Ethernet gives me zero-packets Andrej van der Zee (Apr 04)
- Re: live capture Ethernet gives me zero-packets Michael Richardson (Apr 28)
- Re: live capture Ethernet gives me zero-packets Guy Harris (Apr 27)
- Re: live capture Ethernet gives me zero-packets Andrej van der Zee (Apr 04)
- Re: live capture Ethernet gives me zero-packets Guy Harris (Apr 04)