Hi !
I understand there is no solution to sniffing
for local traffic on Solaris since the
kernel always used the loopback interface for
that.
I suggest to write a STREAMS module to sit on top
of the loopback driver.
Does anyone know if the loopback driver is a
STREAMS driver ? (Say, Solaris 8 a
Thanks for the answer!
There is nothing similar to ip_loopback_bypass
in Solaris.
When I run netstat -i, I do see packets that
are "passed through" the localhost interface.
Is there a real entity in the kernel which is the
loopback interface, may it be a driver (seems not to
be one), STREAMS mo
OK... Assuming I insist on enabling localhost
sniffing on Solaris to the benerfit of all:
How should I approach it?
How about pushing a STREAMS module on top of the TCP
driver? ( Is *that* a STREAMS driver nowdays?)
--ury
--- Rick Jones <[EMAIL PROTECTED]> wrote:
> ury se
> > looking at snort.
>
> libnids is *perfect*, thank you :)
Does it handle lost segments well? I mean, when
you never get a segment, will NIDS understand that,
give up on the segment, and continue feeding the
user with the rest of the stream?
Similarly, does it track connections without
captu
Hi,
I have pcap_dispatch sometimes returning value <0 and
pcap_geterr printing "Resource temporarily
unavailable".
The pcap handler is non blocking
(pcap_setnonblock was called with 1), the fd was
found with pcap_get_selectable_fd, it was select()ed
on and returned turned on. Yet pcap_dispatch
r
) < 0 )) {
printf("Reading packet:
%s",pcap_geterr(pcaph));
}
What I see is :
Reading packet: Resource temporarily unavailable
Is this because there are no packets to read?
--- Guy Harris <[EMAIL PROTECTED]> wrote:
>
> On Apr 15, 2005, at
Hi,
I am trying to run this small sample program on
Solaris 2.8, using pcap 0.8.3 on solaris 8. All I get
when I run this is:
pcap_dispatch: Resource temporarily unavailable
every select timeout. In a gdb session I see that the
fd I got from get_selectable_fd is set, so I call
pcap_dispatch. T
Hi,
The link to pcap-0.9.0-096.tar.gz in www.tcpdump.org
is broken.
Thanks
--ury
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.
packets
in Linux.
Also, this is a strip-down of something else that
select()s on more than one fd, so the select() is
kind of silly here...
I'll try to compile with the latest version.
Thanks again!
--- Guy Harris <[EMAIL PROTECTED]> wrote:
> ury segal wrote:
>
> > Any
Your error was that you did not save the
return value from pcap_open_live. It's not
related to the ! operator. You can keep on
using ! if you want.
Change your original errornous
> if (!(pcap_open_live(iface, snaplen, 0, -1,
errbuf)))
to
if (! (pfd = pcap_open_live(iface, snaplen, 0, -1,
errbuf))
Just to same you some pain, here is another
error in your program: Look at your die()
function:
void die (_Bool onoff, char *text, ...) {
va_list(args);
va_start(args, text);
vfprintf(stderr, text, args);
va_end(args);
fflush(stdout);
if (errno &&
Hi!
I'm having a weird problem on AIX 5.2. I have
a program that opens en0 and installs the
following filter :
((tcp[0:2] > 4 and tcp[0:2] < 50001) or
(tcp[2:2] > 4 and tcp[2:2] < 50001)) and (
net 0.0.0.0 mask 0.0.0.0 )
It runs well for a while. If I truss it I see a
lot of lines like
receives EINVAL from every read on
the bpf socket.
However, this does NOT happen if I use libpcap
0.8.1 . I suspect that something has changed
between 0.8.1 and the version that is now
in cvs.
This happens both on Uni-processor and SMP.
Thanks!
--- Ury Segal <[EMAIL PROTECTED]> wrote:
Hi!
I'd prefer calling "pcap_open_live()" twice,
set the appropriate filters (which may be
different), call "get_selectable_fd()" on each
pcap_t, and then use select() to pick up packets
from any interface that may have some ready. That
way I don't have to deal with threads.
However on some si
What do you mean by "MMAP mode" ?
--- Öì¹úÔÆ <[EMAIL PROTECTED]> wrote:
> Hi,everybody:
>
> I want to know how to make libpcap(version
> 0.9.20060417) work in MMAP mode. Would somebody
> give me some help? Thanks in advance!
>
>
> -
> This is the tcpdump-workers list.
> Visit https://l
The buttom of the problem is this:
You excpect libpcap to call X::dumper in
the context of an instance of class X.
(The "real" first parameter of "X::dumper"
is a variable named "this" of the type "X*".)
But the libpcap API is not defining a
>`void (X::)(u_char*, const pcap_pkthdr*, const
> u_
Hi,
I am running a local pcap application on a
Solaris
host, capturing only packets going to and from a
specific interface. Sometimes I see several
packets coming in, in a row, and then several
packets going out, in a row, from that interface.
However, I know (from the content of the packets
a
Hi!
> I think you are seeing the same problem that I
> have described in my posting "Not receiving
>packets on Solaris, but no problems on Linux and
> BSD".
>
> I think what we both need is the Solaris/DLPI
> equivalent to the BSD/BPF BIOCIMMEDIATE ioctl.
Do you happen to know what is the So
18 matches
Mail list logo
