Re: Is this a Bug? PCAP can't deal with ipv4&ipv6 hybrid data?

[Guy Harris <guy () alum mit edu>]

On Dec 29, 2011, at 10:30 PM, homeryan wrote:

>     I am processing a hybrid pcap file using libpcap and filter expression.

Then the right place to ask is tcpdump-workers () lists tcpdump org, as per

        http://www.tcpdump.org/

The name nonwithstanding, that list is for both libpcap and tcpdump, and both for people working on both of them and 
for people using both of them.

> // open pcap file
>     if ((fp = pcap_open_offline(pcapfilename.c_str(), errbuf)) == NULL)
>     {
>         cout << "file open failed" << endl;
>         return 0;
>     }

(You probably also want to print the contents of errbuf there, to indicate *why* the file open failed, but, as the file 
open isn't failing, that's not part of the issue you're having.)

>     I'm assure that the pcap file has many packets with tcp dest port 80,

So are they IPv4 packets sent to TCP port 80, IPv6 packets sent to TCP port 80, or both?

If they're only IPv6 packets sent to TCP port 80 - i.e., if there are no IPv4 packets sent to TCP port 80 - what 
happens if you make the filter "ip6 and tcp dst port 80"?  If that string doesn't give an error from pcap_compile() 
(this is a test to make sure your version of libpcap is not so old as not to have IPv6 support or not to include that 
support by default), what happens if you open the file in, for example, Wireshark (which you presumably have, as you're 
sending this to the Wireshark list)?  Do those packets have, for example, extension headers?
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe