tcpdump mailing list archives

Re: why does pcap_dispatch return 0?


From: liu wen <caonimagongling () gmail com>
Date: Thu, 15 Oct 2015 08:32:22 +0200

hi,

I tried modifying the timeout of pcap_open_live(), but the problem persists.

Then I wrote an independent program to investigate the problem.

I changed

    res = pcap_dispatch(handle, -1, collect_pkt, (u_char *)pkt_queue);

to

    res = pcap_dispatch(handle, 1, process_pkt, NULL);

and tried to process each received packet.

The whole source code is in capture.tar.gz.

I ran the program on host 192.168.0.106 and opened a browser on another
host to visit 192.168.0.106:8000.
I used tcpdump with the same filter expression as in the capture program to
capture the packets (see attachment).

There are 16 packets altogether, but the program only captured 10 packets,
namely 3 4 5 8 9 10 11 12 13 15.
The on_capture event was triggered 14 times, in the order below:

* 3 4 5 * 8 * 9 10 11 12 13 * 15

* means pcap_dispatch returned 0; for the other numbers (3 4 5 8 9 10 11
12 13 15) pcap_dispatch returned 1.
As for the missing 16th packet, maybe I ended my program before I
closed the tcpdump process. So it means my capture program can't capture
packets 1 2 6 7 14.

Why does this happen? Why can't my program capture all the packets?

On Tue, Oct 13, 2015 at 11:22 AM, Guy Harris <guy () alum mit edu> wrote:


On Oct 11, 2015, at 5:00 PM, liu wen <caonimagongling () gmail com> wrote:

then I run the program on host A and send packets from host B, meanwhile I
use a tcpdump to capture packets on A (tcpdump -i eth0 port 8000)
the tcpdump can capture the packet, but in the program, pcap_dispatch()
returns 0 when it is called for the first time and the second time (so I get
two consecutive 0, "pcap_dispatch() returns 0", also collect_pkt() was not
invoked), what is wrong? (when it is called for the third time, it returns
1)

See

http://stackoverflow.com/questions/33090350/how-the-difference-between-libevent-version-1-4-and-2-0-influence-libpcap-events/33098836#33098836

