Hello,
I've created a patch that actually manages to build into an rpm on my
opensuse system. Wireshark HEAD also detects rpcap support when building with
cmake. Now all I have to do is wait for the equipment to come back to
do a real test...
The patch can be downloaded from:
http://www-agrw.inform
Hi,
I'm wondering what is in the pcap_data (pcap file format) and what is not?
Especially the timestamp ... is it just in the packet_header or in the
packet_data too?
Regards,
alokat
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
On Jul 9, 2011, at 4:41 PM, Alokat wrote:
> I'm wondering what is in the pcap_data (pcap file format) and what is not?
> Especially the timestamp ... is it just in the packet_header or in the
> packet_data too?
A pcap file starts with a header. Following the header are zero or more packet
reco
On 07/09/11 21:56, Guy Harris wrote:
> On Jul 9, 2011, at 4:41 PM, Alokat wrote:
>
>> I'm wondering what is in the pcap_data (pcap file format) and what is not?
>> Especially the timestamp ... is it just in the packet_header or in the
>> packet_data too?
> A pcap file starts with a header. Followi
Hi,
I'm wondering what's the difference between the pcap_packet and the payload?
I have seen that you can extract the payload like this:
payload = (u_char *)(packet + SIZE_ETHERNET + size_ip + size_tcp);
Does the packet_data contain some more information?
Regards,
alokat
On Jul 9, 2011, at 7:01 PM, Alokat wrote:
> I'm wondering what's the difference between the pcap_packet and the payload?
What do you mean by "the payload"?
> I have seen that you can extract the payload like this:
>
> payload = (u_char *)(packet + SIZE_ETHERNET + size_ip + size_tcp);
That's th
On 07/10/11 00:25, Guy Harris wrote:
> On Jul 9, 2011, at 7:01 PM, Alokat wrote:
>
>> I'm wondering what's the difference between the pcap_packet and the payload?
> What do you mean by "the payload"?
>
>> I have seen that you can extract the payload like this:
>>
>> payload = (u_char *)(packet + SIZ
On Jul 9, 2011, at 7:50 PM, Alokat wrote:
> Just for sure:
>
> *Ethernet packet*
>
> means a layer 2 (OSI / ISO model) packet right?
Yes.
Is the approximation because of the fact that NIC card generates interrupt
only after some number of packets arrive? Does device polling affect time
stamp? At what stage of capture is time stamping done?
On Sat, Jul 9, 2011 at 6:59 PM, Alokat wrote:
> On 07/09/11 21:56, Guy Harris wrote:
On Jul 9, 2011, at 6:52 PM, Sanjay Sundaresan wrote:
> Is the approximation because of the fact that NIC card generates interrupt
> only after some number of packets arrive?
Yes, that's one of the reasons. There's also the delay between the arrival of
the packet and the delivery of the inte