tcpdump mailing list archives
Re: live capture Ethernet gives me zero-packets
From: Michael Richardson <mcr () sandelman ca>
Date: Wed, 27 Apr 2011 15:07:17 -0400
"Andrej" == Andrej van der Zee <andrejvanderzee () gmail com> writes:
>> (No, the "any" device doesn't give you Ethernet packets, even if,
>> at the time you start the capture, the only interfaces on your
>> machine are Ethernet interfaces. If you want to capture on a
>> particular Ethernet device, use its name, e.g. "eth0", in which
>> case you'll presumably get packets that have Ethernet headers -
>> although you should probably check the value returned by
>> pcap_datalink() whenever you do any pcap_open call, including
>> pcap_open_offline() to read from a savefile, or when you do
>> pcap_create()/.../pcap_activate().)
>>

Andrej> Indeed I assumed that since I have only ethernet interfaces
Andrej> that the link-type for any would be EN10MB. Now I know this
Andrej> is false on Linux when using "any".

Correct.
It is a sad historical design limitation that libpcap did not tell you
where each layer starts.

I wrote some code in C++, which I have placed under a do-anything license,
which distinguishes between EN10B and LINKTYPE_LINUX_SLL/DLT_LINUX_SLL.

I am offline right now, so I can't post the exact link, but it's on
github.com, under mcr/unstrung, in lib/libfakeiface/pcap_iface.cpp.

I use this code to let me use pcap files as input to other code as
part of unit testing. There is some hackery as I only care about IPv6,
but you can likely adapt.

--
] He who is tired of Weird Al is tired of life! | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] mcr () sandelman ottawa on ca http://www.sandelman.ottawa.on.ca/ |device driver[
Kyoto Plus: watch the video <http://www.youtube.com/watch?v=kzx1ycLXQSE>
then sign the petition.
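An added example, not part of the original message and not the code in mcr/unstrung: how a packet consumer can pick the link-layer header layout from the link type instead of assuming Ethernet, and refuse captures that are too short. The names link_hdr_len, l3_proto and the LT_ constants are hypothetical; in a libpcap program the link type would be the value returned by pcap_datalink(), and the sample packets are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Numeric values libpcap assigns to DLT_EN10MB and DLT_LINUX_SLL. */
enum { LT_EN10MB = 1, LT_LINUX_SLL = 113 };

/* Length of the link-layer header, or -1 for a link type we do not handle. */
int link_hdr_len(int linktype)
{
    switch (linktype) {
    case LT_EN10MB:    return 14; /* dst MAC 6 + src MAC 6 + EtherType 2 */
    case LT_LINUX_SLL: return 16; /* pkttype 2 + hatype 2 + halen 2 + addr 8 + protocol 2 */
    default:           return -1; /* never guess a header layout */
    }
}

/* Protocol field (normally an EtherType) of one captured packet, or -1 if
 * the link type is unsupported or the capture is shorter than the header. */
int l3_proto(int linktype, const uint8_t *pkt, size_t caplen)
{
    int hdr = link_hdr_len(linktype);
    if (hdr < 0 || caplen < (size_t)hdr)
        return -1;
    /* Both formats keep the protocol in the header's last two bytes, big-endian. */
    return (pkt[hdr - 2] << 8) | pkt[hdr - 1];
}

/* Constructed samples: the first byte of an IPv6 header (0x60) behind each header type. */
static const uint8_t eth_pkt[] = {
    0x00,0x11,0x22,0x33,0x44,0x55, 0x00,0xaa,0xbb,0xcc,0xdd,0xee, 0x86,0xdd, 0x60 };
static const uint8_t sll_pkt[] = {
    0x00,0x00, 0x00,0x01, 0x00,0x06, 0x00,0xaa,0xbb,0xcc,0xdd,0xee,0x00,0x00,
    0x86,0xdd, 0x60 };

int main(void)
{
    printf("ethernet: proto=0x%04x payload at %d\n",
           l3_proto(LT_EN10MB, eth_pkt, sizeof eth_pkt), link_hdr_len(LT_EN10MB));
    printf("linux sll: proto=0x%04x payload at %d\n",
           l3_proto(LT_LINUX_SLL, sll_pkt, sizeof sll_pkt), link_hdr_len(LT_LINUX_SLL));
    /* Wrong assumption: reading a cooked capture as Ethernet lands inside the address field. */
    printf("sll read as ethernet: proto=0x%04x\n",
           l3_proto(LT_EN10MB, sll_pkt, sizeof sll_pkt));
    return 0;
}
```

Reading the cooked-capture sample with the Ethernet layout yields protocol 0x0000 rather than 0x86dd, so a consumer that hard-codes Ethernet silently matches nothing on an "any" capture.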