tcpdump mailing list archives

Previous By Date Next
Previous By Thread Next

Re: why the ethernet and ip header of packets, which are captured by libpcap function, are distorted

From: Guy Harris <guy () alum mit edu>
Date: Fri, 15 Mar 2013 11:28:57 -0700

On Mar 15, 2013, at 9:07 AM, wen lui <esolvepolito () gmail com> wrote:


I used libpcap function pcap_next() to capture some tcp packets I checked
the bytes of the captured packets and notice that the ethernet and ip
header of packets are distorted, in a mess with a lot 0's but the TCP
header is fine

what are potential reasons for this?


One potential reason could be that the program calls pcap_next(), then calls pcap_close(), and then tries to use the 
data pointed to by the pointer returned by pcap_next(), which isn't going to work:

        
http://stackoverflow.com/questions/15436969/why-the-ethernet-and-ip-header-of-packets-which-are-captured-by-libpcap-functio/

If that's the reason, only call pcap_close() when you're finished processing all packets.
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
Previous By Date Next
Previous By Thread Next

Current thread: