Re: live capture questions

[Guy Harris <guy () alum mit edu>]

On Nov 18, 2003, at 7:38 AM, Chris sun wrote:

>   I was using libpcap to do some node discovery work, initially, I 
> send a broadcast to all nodes on the network, each node will reply to 
> this broad cast with it's unique ID. I opened pcap in live capture 
> mode.  Since in live capture mode, i can only read 1 packet per 
> capture.

What do you mean "in live capture mode, i can only read 1 packet per 
capture"?  There is no restriction in libpcap that causes "pcap_loop()" 
always to quit after 1 packet, nor does a "pcap_t" supply only one 
packet ever.

If you mean that if you explicitly tell "pcap_loop()" to see only one 
packet, by passing 1 as the "cnt" argument, you'll only get one packet 
- but if you're going to send a discovery broadcast and wait for 
responses from multiple machines, you shouldn't do that.

>  i wonder if all the nodes try to send reply at the same time to my 
> host machine(the one captures the packet), how do i make sure i will 
> read all reply packet ?  I am using pacap_dispatch() function.

Use "pcap_dispatch()" in a loop - or use "pcap_loop()", which does the 
loop for you.

However, you can't be "sure" you will read all the reply packets, 
because you don't know when you've gotten the last one (the only way to 
know that is to know how many will be sent - but if you're doing node 
discovery, you presumably don't know how many will be sent, because you 
don't know how many nodes there will be).

What you need to do is to keep reading packets with "pcap_dispatch()", 
or use "pcap_loop()", and quit only after some amount of time has 
passed.

-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe