tcpdump mailing list archives

Re: How to tell if application is handling packets


From: Guy Harris <guy () alum mit edu>
Date: Sat, 26 Dec 2009 15:53:56 -0800


On Dec 26, 2009, at 3:13 PM, Chris Morgan wrote:

> Ahh, so ps_drop might work for this.
>
> Users are reporting issues on Windows with the latest winpcap release
> but I do a lot of my testing under Linux, Ubuntu 9.10, 2.6.31 x64. I'd
> be doing the drop testing under Linux initially. On Linux it's pcap
> version 2.4 from pcap.h although the package is listed as version 0.8.

Actually, it's file format version 2.4.  Somewhat confusingly, PCAP_VERSION_MAJOR and PCAP_VERSION_MINOR are the major 
and minor version numbers of the pcap file format, not of the pcap library.

The best way to get the version number of the libpcap library is probably to run "tcpdump -h":

        $ tcpdump -h
        tcpdump version 4.0.0
        libpcap version 1.0.0
        Usage: tcpdump [-aAdDefIKlLnNOpqRStuUvxX] [ -B size ] [ -c count ]
                        [ -C file_size ] [ -E algo:secret ] [ -F file ] [ -G seconds ]
                        [ -i interface ] [ -M secret ] [ -r file ]
                        [ -s snaplen ] [ -T type ] [ -w file ] [ -W filecount ]
                        [ -y datalinktype ] [ -z command ] [ -Z user ]
                        [ expression ]

and, yes, even with a package listed as version 0.8, the libpcap version might be something else - for some reason, 
Debian (and Ubuntu) call it "libpcap 0.8" even though they've upgraded to a later version of the library.

Alternatively, if libpcap on your system has the pcap_lib_version() routine, it returns a pointer to a character string giving the version number of libpcap, so your application could use that (that's what tcpdump uses, if available).  Otherwise, the library might define an external variable "pcap_version", which is a char array ("extern char pcap_version[]") with a string containing a version number for libpcap (again, that's what tcpdump uses if it's available and pcap_lib_version() isn't).
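
Added example, not part of the original message and not tcpdump's own code: a run-time check that follows the lookup order described above (pcap_lib_version() first, then the pcap_version[] array) instead of trusting the package name or the PCAP_VERSION_MAJOR/PCAP_VERSION_MINOR macros. It assumes Python with ctypes on a Unix-like system where the library can be found under the name "pcap"; the helper names parse_version, libpcap_version_string and detect_libpcap are hypothetical.

```python
import ctypes
import ctypes.util
import re

# Dotted version inside strings such as "libpcap version 1.0.0".
_VERSION_RE = re.compile(r"(\d+(?:\.\d+)+)")


def parse_version(text):
    """Return the first dotted version in text as a tuple of ints, or None.

    Tuples compare numerically, so (1, 10, 0) > (1, 9, 1), which a plain
    string comparison of "1.10.0" and "1.9.1" gets wrong.
    """
    m = _VERSION_RE.search(text or "")
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def libpcap_version_string(lib):
    """Ask an already loaded library for its libpcap version string."""
    try:
        fn = lib.pcap_lib_version      # preferred: const char *pcap_lib_version(void)
    except AttributeError:             # symbol not exported by this build
        fn = None
    if fn is not None:
        fn.restype = ctypes.c_char_p
        fn.argtypes = []
        return fn().decode("ascii", "replace")
    try:
        # Fallback: extern char pcap_version[]
        sym = ctypes.c_char.in_dll(lib, "pcap_version")
    except ValueError:                 # neither symbol is present
        return None
    return ctypes.string_at(ctypes.addressof(sym)).decode("ascii", "replace")


def detect_libpcap():
    """Return (version_string, version_tuple), or None if libpcap is not found."""
    path = ctypes.util.find_library("pcap")   # assumption: Unix-style library name
    if path is None:
        return None
    text = libpcap_version_string(ctypes.CDLL(path))
    return (text, parse_version(text)) if text else None


if __name__ == "__main__":
    print(detect_libpcap())
```
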