tcpdump mailing list archives
Re: problem with relay server using pcap
From: Christian Kreibich <christian () whoop org>
Date: Wed, 11 Oct 2006 13:10:39 -0700
On Wed, 2006-10-11 at 20:03 +0200, Brocha Strous wrote:
I have 2 different implementations. The problem is only with a very small number of users so its not server-wide. Possibly related to a specific firm-ware version of a Zyxel router - are there any known in-compatibility between pcap and this router?
Brocha, Michael has already mentioned the important bit -- your pcap-based implementation will not stop the regular network stack of the OS from handling the packets your server app is snooping. Depending on local OS configurations, you will get parallel processing of the packet in your app and in the kernel, which will surely cause all kinds of unexpected behaviour. Are you sure that a pcap-based approach is actually feasible for the proxy-type application you are writing? At the very least you'll have to ensure that a firewall of some sort prevents the local stacks from seeing the affected packets. Cheers, Christian. -- ________________________________________________________________________ http://www.cl.cam.ac.uk/~cpk25 http://www.whoop.org - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
Current thread:
- usb sniffer setup packet Paolo Abeni (Oct 11)
- Re: usb sniffer setup packet ronnie sahlberg (Oct 11)
- Re: usb sniffer setup packet Guy Harris (Oct 11)
- problem with relay server using pcap Brocha Strous (Oct 11)
- Re: problem with relay server using pcap Michael Richardson (Oct 11)
- Re: problem with relay server using pcap Brocha Strous (Oct 11)
- Re: problem with relay server using pcap Guy Harris (Oct 11)
- Re: problem with relay server using pcap Christian Kreibich (Oct 11)
- problem with relay server using pcap Brocha Strous (Oct 11)