tcpdump mailing list archives

Re: Problem with generation of Pcap traces for Wireshark through Libpcap


From: Guy Harris <guy () alum mit edu>
Date: Wed, 13 May 2009 12:52:32 -0700


On May 13, 2009, at 11:38 AM, Johan Mazel wrote:

> My program works like this:
> - I initialize my process of capture on my network interface (eth0) through these 2 functions: pcap_create, pcap_activate (I also use some functions like pcap_set_timeout, pcap_set_direction but this is not really relevant).
> - I initialize my process of writing into the file through these 2 functions: pcap_create, pcap_dump_open.

Umm, why are you calling pcap_create() twice? pcap_dump_open() creates the dump file for you; it does require a pcap_t as an argument, but that doesn't mean "just randomly open a pcap_t", it means "the packets you're writing are presumably coming from a live capture or another savefile, so you should supply the pcap_t for the live capture or savefile".

I.e., don't call pcap_create() twice; just pass the pcap_t for eth0, after you've activated it, to pcap_dump_open().

I'll fix pcap_dump_open() to fail if it's handed a non-activated pcap_t, as the reason why it needs a pcap_t is to get a link type value and snapshot length, and, until a live-capture pcap_t is activated, it doesn't have a link type value or snapshot length, so the link type for the dump file will be bogus.
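
Added example, not part of the original message and not libpcap code: the snapshot length and link type that pcap_dump_open() takes from the pcap_t are stored in the savefile's 24-byte global header, so a trace can be checked by decoding that header. The function name, the sample headers (constructed, not taken from a real libpcap run) and the choice of link type 1 (Ethernet) as the expected value for eth0 are assumptions of this sketch.

```c
#include <stdint.h>
#include <stdio.h>

#define LINKTYPE_ETHERNET 1u /* assumed link type for a capture on eth0 */

/* Constructed 24-byte headers (not from a real capture), little-endian writer. */
static const uint8_t SAMPLE_GOOD[24] = {0xd4,0xc3,0xb2,0xa1, 2,0, 4,0, 0,0,0,0,
    0,0,0,0, 0xff,0xff,0,0, 1,0,0,0};   /* snaplen 65535, link type 1 */
static const uint8_t SAMPLE_BAD[24]  = {0xd4,0xc3,0xb2,0xa1, 2,0, 4,0, 0,0,0,0,
    0,0,0,0, 0,0,0,0, 0,0,0,0};         /* snaplen 0, link type 0 */

/* Read an n-byte unsigned field in the byte order the file was written in. */
static uint32_t rd(const uint8_t *p, int n, int big) {
    uint32_t v = 0;
    for (int i = 0; i < n; i++)
        v = (v << 8) | p[big ? i : n - 1 - i];
    return v;
}

/* Returns 0 if the header is plausible, -1 if too short, -2 if the magic is
 * not classic pcap, -3 if version, snaplen or link type do not match. */
int check_savefile_header(const uint8_t *buf, size_t len, uint32_t want_linktype,
                          uint32_t *snaplen, uint32_t *linktype) {
    int big;
    if (len < 24) return -1;
    if (rd(buf, 4, 1) == 0xa1b2c3d4u) big = 1;       /* big-endian writer */
    else if (rd(buf, 4, 0) == 0xa1b2c3d4u) big = 0;  /* little-endian writer */
    else return -2;
    *snaplen  = rd(buf + 16, 4, big);   /* offset 16: snapshot length */
    *linktype = rd(buf + 20, 4, big);   /* offset 20: link-layer type */
    if (rd(buf + 4, 2, big) != 2 || *snaplen == 0 || *linktype != want_linktype)
        return -3;
    return 0;
}

/* Checks the file named in argv[1]; falls back to SAMPLE_BAD if none opens. */
int main(int argc, char **argv) {
    uint8_t buf[24];
    uint32_t snap = 0, lt = 0;
    size_t n = sizeof SAMPLE_BAD;
    const uint8_t *p = SAMPLE_BAD;
    FILE *f = argc > 1 ? fopen(argv[1], "rb") : NULL;
    if (f) { n = fread(buf, 1, sizeof buf, f); fclose(f); p = buf; }
    int rc = check_savefile_header(p, n, LINKTYPE_ETHERNET, &snap, &lt);
    printf("rc=%d snaplen=%u linktype=%u\n", rc, (unsigned)snap, (unsigned)lt);
    return rc ? 1 : 0;
}
```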