Re: capturing on both interfaces simultaneously

[abhinav narain <abhinavnarain10 () gmail com>]

I was using pthreads for two interfaces, but I am trying to optimize now. I
have 15% memory usage.
I am trying to use select, as it seems the most basic. Junkie uses threads
to do this, so can't really use it.
I want to sniff only beacons in the network, so I am attaching a bpf filter
on the handle
Can I use pcap_loop when using select, or i have to use recvfrom in loop ?

Abhinav

On Wed, Nov 30, 2011 at 10:25 AM, <dragorn () durandal kismetwireless net>wrote:

> On Wed, Nov 30, 2011 at 01:06:19PM +0100, Joerg Mayer wrote:
> > On Mon, Nov 28, 2011 at 02:35:24PM -0500, abhinav narain wrote:
> > > I am using libpcap on Openwrt platform, Netgear router wndr3700v2.
> > > I am able to capture packets on phy0, interface.
> > > But what should I do to capture packets on phy0,phy1 simultaneously in
> the
> > > same program ?
> > >
> > > I don't think I can use "any" interface as it might capture packets
> from
> > > bridge interface also !
> >
> > The current *development* tree of Wireshark supports simultanous capture
> > on several interfaces and this includes the text version tshark. AFAIK,
> > tcpdump does not support this - but you may alway start tcpdump multiple
> > times, once for each interface and later merge the capture files.
>
> Kismet does this as well, if you're in the wireless space.
>
> But yeah -  mergecap is your friend otherwise, it's application level
> logic to capture from multiple sources.
>
> -m
>
> > Ciao
> >     Joerg
> > --
> > Joerg Mayer                                           <jmayer () loplof de>
> > We are stuck with technology when what we really want is just stuff that
> > works. Some say that should read Microsoft instead of technology.
> > -
> > This is the tcpdump-workers list.
> > Visit https://cod.sandelman.ca/ to unsubscribe.
>
> --
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.