Fw: Output goes weird!

[Justin Robinson <csmjmr () bath ac uk>]

Hi

How would I go about increasing the buffer size on FreeBSD? I've read lots
about it but I'm not quite sure how
you do it.

Do I have to change the pcap source and recompile. If so... how do I do this
please?

Thanks in advance
Regards
Justin


----- Original Message -----
From: <csmjmr () bath ac uk>
To: "Guy Harris" <guy () alum mit edu>
Cc: <tcpdump-workers () tcpdump org>; "Michael Richardson"
<mcr () sandelman ottawa on ca>
Sent: Friday, September 12, 2003 10:11 AM
Subject: Re: [tcpdump-workers] Output goes weird!


> Hi
>
> > > The non-printable characters problem is fixed.
> > > I fixed it by setting the snaplen to 2048.
> >
> > That's not a fix, that just hides the problem - your program should,
> > for safety's sake, check the "caplen" field of the pcap_pkthdr
> > structure, and not look at any bytes past that length.  (Yes, if you're
> > capturing on a network where packets are never > 2048 bytes, you
> > *should* be safe - but, just in case the packet is somehow malformed,
> > you should *still* do that check.)
>
> I see - Ok... I will add this check (or at least write about it :o))
>
> > > The packet dropping is a separate problem.
> > > I used TCPDUMP to tell me wether packets were being dropped...
> > > at the end where it gives number received and number dropped by
kernel.
> > Are you using a packet filter expression when capturing?  I.e., does
> > your program do a "pcap_compile()" and a "pcap_setfilter()"?
>
> Yes I'm applying a filter with pcap_compile() and then pcap_setfilter().
>
> Justin
> -
> This is the TCPDUMP workers list. It is archived at
> http://www.tcpdump.org/lists/workers/index.html
> To unsubscribe use
mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe
>


-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe