[tcpdump-workers] Link-Layer Header Type request for Linux Kernel Messages

2013-04-17 Thread Michal.Labedzki
Hello, I would like to request a new link-layer header type value: LINKTYPE_DEV_KMSG_LINUX DLT_DEV_KMSG_LINUX and LINKTYPE_KLOG_LINUX DLT_KLOG_LINUX. Linux kernel messages can be captured on Linux by /dev/kmsg and klogctl. Kernel logs can be useful for analysing Linux and network (etc.) behaviour.

Re: [tcpdump-workers] moves to github

2013-04-17 Thread Denis Ovsienko
> Denis> I tried closing a couple of issues, but ran into a > Denis> question. Do existing tags in GitHub issues (v3.5, v3.6, > Denis> ... v4.3) mean "opened against version N.N" or "fixed in > Denis> version N.N"? > > let's take this to mean, opened against version N.N. I have loo

[tcpdump-workers] tcpdump vs libpcap : CPU usage shooting high for two simultaneous captures on wireless monitor interfaces

2013-04-17 Thread abhinav narain
Hi everyone, I have written my own data collection tool, for custom needs, using libpcap for wireless interfaces (2.4, 5 GHz) on a router. I could not find any flag in tcpdump that lets me collect only x number of mgmt packets, y number of control packets and the rest data packets. The issue I face is

Re: [tcpdump-workers] tcpdump vs libpcap : CPU usage shooting high for two simultaneous captures on wireless monitor interfaces

2013-04-17 Thread Guy Harris
On Apr 17, 2013, at 3:57 PM, abhinav narain wrote: > Can someone explain this behavior ? As you're saying "libpcap" rather than WinPcap, I'm assuming this is some flavor of UN*X, such as Linux. Could you build a profiled version of your tool (compile with "-pg") and then run gprof on the to

[tcpdump-workers] (no subject)

2013-04-17 Thread wen lui
handle = pcap_open_live(dev, BUFSIZ, 0, 0, errbuf); pcap_compile(handle, &fp, filter_exp, 0, mask) == -1 pcap_setfilter(handle, &fp); struct pcap_pkthdr pcap_header; // The header that pcap gives us const u_char *pcap_packet; // The actual pack

[tcpdump-workers] parent-child process, selectable file descriptor and pcap

2013-04-17 Thread wen lui
I have a program, part of the source code is: handle = pcap_open_live(dev, BUFSIZ, 0, 0, errbuf); pcap_compile(handle, &fp, filter_exp, 0, mask) == -1 pcap_setfilter(handle, &fp); struct pcap_pkthdr pcap_header; // The header that pcap gives us const

Re: [tcpdump-workers] tcpdump vs libpcap : CPU usage shooting high for two simultaneous captures on wireless monitor interfaces

2013-04-17 Thread abhinav narain
Thanks for replying on this, as I am actually helpless on this issue for days now. As you're saying "libpcap" rather than WinPcap, I'm assuming this is some > flavor of UN*X, such as Linux. > > You are right, it's running 2.6.32 on OpenWrt. > Could you build a profiled version of your tool (compi

Re: [tcpdump-workers] tcpdump vs libpcap : CPU usage shooting high for two simultaneous captures on wireless monitor interfaces

2013-04-17 Thread Guy Harris
On Apr 17, 2013, at 7:11 PM, abhinav narain wrote: > I am curious to know if tcpdump does something > interesting to deal with such a situation (I didn't find anything > when I last read the code..couple of months back) It does absolutely nothing whatsoever to discover whether there are other ve

Re: [tcpdump-workers] tcpdump vs libpcap : CPU usage shooting high for two simultaneous captures on wireless monitor interfaces

2013-04-17 Thread abhinav narain
Hi Guy, Thanks for clearing this > It does absolutely nothing whatsoever to discover whether there are other > versions of tcpdump are running. Ok > Am I right to say that the two processes spin on some shared resource ? > > Given that I don't know what routines in the programs or libraries the

Re: [tcpdump-workers] pcap and select()

2013-04-17 Thread Guy Harris
On Apr 17, 2013, at 6:56 PM, wen lui wrote: >handle = pcap_open_live(dev, BUFSIZ, 0, 0, errbuf); >pcap_compile(handle, &fp, filter_exp, 0, mask) == -1 >pcap_setfilter(handle, &fp); >struct pcap_pkthdr pcap_header; // The header that pcap gives us >con