tcpdump mailing list archives

Re: How to tell if application is handling packets


From: Chris Morgan <chmorgan () gmail com>
Date: Sat, 26 Dec 2009 22:41:30 -0500

On Sat, Dec 26, 2009 at 6:53 PM, Guy Harris <guy () alum mit edu> wrote:

On Dec 26, 2009, at 3:13 PM, Chris Morgan wrote:

Ahh, so ps_drop might work for this.

Users are reporting issues on Windows with the latest winpcap release
but I do a lot of my testing under Linux, Ubuntu 9.10, 2.6.31 x64. I'd
be doing the drop testing under Linux initially. On Linux it's pcap
version 2.4 from pcap.h although the package is listed as version 0.8.

Actually, it's file format version 2.4.  Somewhat confusingly, PCAP_VERSION_MAJOR and PCAP_VERSION_MINOR are the 
major and minor version numbers of the pcap file format, not of the pcap library.


Doh. I've attached a patch that adds a short comment to describe those
values so I, and maybe others, don't run into the same issue again.


The best way to get the version number of the libpcap library is probably to run "tcpdump -h":

       $ tcpdump -h
       tcpdump version 4.0.0
       libpcap version 1.0.0
       Usage: tcpdump [-aAdDefIKlLnNOpqRStuUvxX] [ -B size ] [ -c count ]
                       [ -C file_size ] [ -E algo:secret ] [ -F file ] [ -G seconds ]
                       [ -i interface ] [ -M secret ] [ -r file ]
                       [ -s snaplen ] [ -T type ] [ -w file ] [ -W filecount ]
                       [ -y datalinktype ] [ -z command ] [ -Z user ]
                       [ expression ]

and, yes, even with a package listed as version 0.8, the libpcap version might be something else - for some reason, 
Debian (and Ubuntu) call it "libpcap 0.8" even though they've upgraded to a later version of the library.


Ahh. That's pretty silly of them. I should report that as an Ubuntu or
Debian bug...

cmorgan@cmorgan-laptop:~/sharppcap_git/Test/bin/Debug$ tcpdump -h
tcpdump version 4.0.0
libpcap version 1.0.0


Alternatively, if libpcap on your system has the pcap_lib_version() routine, it returns a pointer to a character 
string giving the version number of libpcap, so your application could use that (that's what tcpdump uses, if 
available).  Otherwise, the library might define an external variable "pcap_version", which is a char array ("extern 
char pcap_version[]") with a string containing a version number for libpcap (again, that's what tcpdump uses if it's 
available and pcap_lib_version() isn't).
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.


Yes, right. I was aware of pcap_lib_version() but it required more
effort to call that routine than look in the header file and get
confused :-)


Chris

Attachment: 0001-Add-a-comment-to-describe-PCAP_VERSION_MAJOR-and-PCA.patch