tcpdump mailing list archives

Re: Rx packets are not captured on physical

From: Aaron Turner <synfinatic () gmail com>
Date: Fri, 19 Jun 2009 09:58:21 -0700

On Thu, Jun 18, 2009 at 11:30 PM, Lakshmana
Reddy<rvlreddy.tech () gmail com> wrote:

[snip]

I walked through the tcpdump/pcap code to see what going on.. so far my
understanding is that the pcap_loop(), to capture the packets on the given
device invokes the recvfrom() sys call to get the raw packets from the
kernel and parses them before passing to a call back. I am wondering where
would the Rx packets lost in this code path.

Can somebody shed some light on this..



You'd need to look at the Linux kernel's PF_PACKET implementation to
understand why this is happening.  tcpdump uses libpcap which uses the
PF_PACKET socket API to read frames.

-- 
Aaron Turner
http://synfin.net/
http://tcpreplay.synfin.net/ - Pcap editing and replay tools for Unix & Windows
Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety.
    -- Benjamin Franklin
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.

Current thread:

Rx packets are not captured on physical interface when bonded. Lakshmana Reddy (Jun 19)
- Re: Rx packets are not captured on physical Aaron Turner (Jun 19)
  - Re: Rx packets are not captured on physical Lakshmana Reddy (Jun 22)
    - Re: Rx packets are not captured on physical Aaron Turner (Jun 23)
- Re: Rx packets are not captured on physical interface when bonded. Guy Harris (Jun 19)