tcpdump mailing list archives

Where are the packets going?


From: Luís Correia <lfpcorreia () gmail com>
Date: Tue, 17 Dec 2013 11:55:26 +0000

Hi guys,


I'm doing a simple packet capture and process stuff in wifi using openwrt.
(Atheros AR7240 CPU, Atheros AR9331 integrated wifi)


When I create a monitor interface using iw I can see the captured packets
in ifconfig or /proc/net/dev.

The thing is, it works A LOT better if I also generate traffic in a second
wifi interface (connecting to any wifi network).

For example, if my code prints something per packet to the screen, because
I use an ssh session to view the printed lines (this gives me the generated
traffic), the count of captured packets keeps increasing.

If I don't print anything per packet, but print something per 1000 packets,
thus getting a lot less traffic in the wifi ssh session, my code takes a
LOT longer to reach, for example, 10.000 packets.

(The difference is <10 seconds with "traffic" and > 30 seconds without
"traffic")


I've been testing with different kernels, libpcap versions and mac80211
versions.

The best setup is kernel 3.3.8 with libpcap 1.3 (haven't compiled anything
greater than 1.3) and mac80211 3.3.8+2012-09-07-3.


For example, using kernel > 3.8 with mac80211 from this year (2013), my
code doesn't see any packets besides the ones it TXs (no matter if it's a
monitor interface, in promiscuous mode or not, that is capturing).


Has anyone got a clue of what can be wrong?

My goal is to get as much of captured packets in my code as seen in
/proc/net/dev. I know that if my pcap_dispatch routine gets too long to
process, the PF_SOCKET ring buffer fills up and unprocessed packets get
dropped. But I see no packets getting into my code, besides my own ones,
using anything from kernel 3.8 and up.

I get decent number of packets with kernel 3.3.8 but I have to "generate"
traffic. And I tested the number of captured packets using the most simple
pcap_dispatch routine I know (nonblocktest example from the repo).


Thanks in advance.