tcpdump mailing list archives
reading a live pcap file in real time
From: Giovanni Venturi <giovanni () ksniffer org>
Date: Tue, 3 Mar 2009 00:17:01 +0100
Hello,

I'm using libpcap 3.9.8. I made a GUI application under KDE that, when I ask it to start sniffing packets from the network, starts another application (not a GUI) that captures all the packets and writes them into a file. From the GUI I have under control the file it writes, and I use

while (m_canSniff) { ... result = pcap_next_ex( ... ) ... }

to know if there are new packets in the file. If I got result == -2 then I got no packet, else I got a packet and then I put it into the GUI view. I stop the GUI thread on the pcap file when m_canSniff becomes false. It becomes false when the backend "daemon" stops capturing packets. I get the end signal of the process thanks to the KProcess class and then I set m_canSniff to false.

Is this method correct? Is there some problem in it? Because very often I get fewer packets or more packets than I requested. I programmed the "daemon" in a way that it stops when it gets 70000 packets, for example. On the GUI I get ~71900 packets. I don't know where the other 1900 packets come from, because if I open the pcap file I find exactly 70'000 packets in it. Other times I get less than 70'000 packets, about 500 packets less. I added an if statement:

if ((result != -2) && (result > 0)) put the packet into the view...

Where do these problems come from? Is the problem querying a pcap file that changes in real time, or a bigger trouble in my source code? I've had this problem across various versions. What do you suggest?

I attached the main file where the sniffing is managed... The project is in the KDE svn: http://websvn.kde.org/trunk/playground/network/ksniffer/

Please try to help me understand where the problem could be. I know the code in my project is not so easy, but if you know about an issue in libpcap with the way I do the live sniffing, let me know.

Thank you for your attention,
Giovanni Venturi

--
A KDE Italian translator and KSniffer core developer
Slackware GNU/Linux current version - kernel 2.6.28.7
KSniffer Project - http://www.ksniffer.org/
KDE Italia - http://www.kde-it.org/
Attachment: sniffer.h
Attachment: ksniffer.cpp
Attachment: ksniff.cpp
Attachment: signature.asc
Description: This is a digitally signed message part.
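An added example, not part of the original post and not code from KSniffer or libpcap: one way a reader can follow a classic pcap savefile while another process is still appending to it, by parsing records directly and moving its offset only past records that are completely on disk. The names `tail_state`, `tail_poll` and `rd32` are hypothetical, and a snapshot length of at most 65535 is assumed.

```c
#include <stdint.h>
#include <stdio.h>
/* Classic pcap savefile: 24-byte file header, then per packet a 16-byte
 * record header (ts_sec, ts_usec, caplen, len) followed by caplen bytes. */
struct tail_state {
    long offset;   /* offset of the first record not yet consumed */
    int big;       /* 1 if the file was written big-endian */
};

static uint32_t rd32(const uint8_t *p, int big)
{
    return big ? (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3]
               : (uint32_t)p[3] << 24 | (uint32_t)p[2] << 16 | (uint32_t)p[1] << 8 | p[0];
}

/* Consume every record that is completely on disk and leave a half-written
 * one for the next poll. Returns records consumed, or -1 if not classic pcap. */
static int tail_poll(FILE *fp, struct tail_state *st)
{
    static uint8_t pkt[65535];   /* assumption: snaplen of at most 65535 */
    uint8_t hdr[24];
    int n = 0;
    if (st->offset == 0) {       /* file header not parsed yet */
        if (fseek(fp, 0, SEEK_SET) != 0 || fread(hdr, 1, 24, fp) != 24)
            return 0;            /* file header not flushed yet */
        st->big = rd32(hdr, 1) == 0xa1b2c3d4u;
        if (!st->big && rd32(hdr, 0) != 0xa1b2c3d4u) return -1;
        st->offset = 24;
    }
    for (;;) {                   /* fseek also clears a previous EOF state */
        if (fseek(fp, st->offset, SEEK_SET) != 0 || fread(hdr, 1, 16, fp) != 16)
            break;               /* record header incomplete */
        uint32_t caplen = rd32(hdr + 8, st->big);
        if (caplen > sizeof pkt) return -1;   /* implausible length field */
        if (fread(pkt, 1, caplen, fp) != caplen)
            break;               /* payload incomplete */
        st->offset += 16 + (long)caplen;      /* pass hdr/pkt to the view here */
        n++;
    }
    return n;
}

int main(int argc, char **argv)
{
    struct tail_state st = {0, 0};
    FILE *fp = argc > 1 ? fopen(argv[1], "rb") : NULL;
    if (fp) printf("%d complete records\n", tail_poll(fp, &st));
    return fp ? 0 : 1;
}
```

Calling `tail_poll` again on the same `tail_state` resumes at the saved offset, so each record is counted once no matter where the writer was interrupted between polls.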