Re: live capture questions

["Chris sun" <lei_sun () comcast net>]

I used pcap_dispatch() the manpage says when readding live capture, only 1
bufferful of packets is read at a time, I was wondering what the "1
bufferful packets means"? suppose I set the cnt  to be large enough to hold
all pakcets sent from node, will my callback be called untill after it read
the cnt number of packets ?

chris, sun
----- Original Message ----- 
From: "Guy Harris" <guy () alum mit edu>
To: "Chris sun" <lei_sun () comcast net>
Cc: <tcpdump-workers () tcpdump org>
Sent: Tuesday, November 18, 2003 2:02 PM
Subject: Re: [tcpdump-workers] live capture questions


> On Nov 18, 2003, at 7:38 AM, Chris sun wrote:
>
> > I was using libpcap to do some node discovery work, initially, I
> > send a broadcast to all nodes on the network, each node will reply to
> > this broad cast with it's unique ID. I opened pcap in live capture
> > mode. Since in live capture mode, i can only read 1 packet per
> > capture.
>
> What do you mean "in live capture mode, i can only read 1 packet per
> capture"?  There is no restriction in libpcap that causes "pcap_loop()"
> always to quit after 1 packet, nor does a "pcap_t" supply only one
> packet ever.
>
> If you mean that if you explicitly tell "pcap_loop()" to see only one
> packet, by passing 1 as the "cnt" argument, you'll only get one packet
> - but if you're going to send a discovery broadcast and wait for
> responses from multiple machines, you shouldn't do that.
>
> >  i wonder if all the nodes try to send reply at the same time to my
> > host machine(the one captures the packet), how do i make sure i will
> > read all reply packet ? I am using pacap_dispatch() function.
>
> Use "pcap_dispatch()" in a loop - or use "pcap_loop()", which does the
> loop for you.
>
> However, you can't be "sure" you will read all the reply packets,
> because you don't know when you've gotten the last one (the only way to
> know that is to know how many will be sent - but if you're doing node
> discovery, you presumably don't know how many will be sent, because you
> don't know how many nodes there will be).
>
> What you need to do is to keep reading packets with "pcap_dispatch()",
> or use "pcap_loop()", and quit only after some amount of time has
> passed.
>
> -
> This is the TCPDUMP workers list. It is archived at
> http://www.tcpdump.org/lists/workers/index.html
> To unsubscribe use
mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe

-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe