On May 13, 2009, at 11:38 AM, Johan Mazel wrote:
> My program works like this:
> - I initialize my process of capture on my network interface (eth0)
> through these 2 functions: pcap_create, pcap_activate (I also use some
> functions like pcap_set_timeout, pcap_set_direction but this is not
> really relevant).
> - I initialize my process of writing into the file through these 2
> functions: pcap_create, pcap_dump_open.
Umm, why are you calling pcap_create() twice? pcap_dump_open()
creates the dump file for you; it does require a pcap_t as an
argument, but that doesn't mean "just randomly open a pcap_t", it
means "the packets you're writing are presumably coming from a live
capture or another savefile, so you should supply the pcap_t for the
live capture or savefile".
I.e., don't call pcap_create() twice; just pass the pcap_t for eth0,
after you've activated it, to pcap_dump_open().
I'll fix pcap_dump_open() to fail if it's handed a non-activated
pcap_t, as the reason why it needs a pcap_t is to get a link type
value and snapshot length, and, until a live-capture pcap_t is
activated, it doesn't have a link type value or snapshot length, so
the link type for the dump file will be bogus.
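A dump file written this way can be checked by reading the snapshot length and link type back out of its 24-byte savefile header, which is where pcap_dump_open() records the values it took from the pcap_t. The following is an added example, not code from this thread or from libpcap; `check_savefile_header`, `struct savefile_info` and the sample bytes are constructed for illustration, and treating a zero snapshot length as suspect is an assumption.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Savefile header fields that pcap_dump_open() takes from the pcap_t. */
struct savefile_info { uint32_t snaplen; uint32_t linktype; };

/* Constructed sample: header written by a little-endian host,
 * version 2.4, snaplen 65535, link type 1 (Ethernet). */
static const unsigned char sample_header[24] = {
    0xd4, 0xc3, 0xb2, 0xa1, 0x02, 0x00, 0x04, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0xff, 0xff, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00
};

static uint32_t swap32(uint32_t v)
{
    return (v >> 24) | ((v >> 8) & 0xff00u) |
           ((v << 8) & 0xff0000u) | (v << 24);
}

/* Hypothetical helper. Returns 0 on success, -1 if the buffer is too short,
 * -2 if the magic is unknown, -3 if snaplen is zero (assumed suspect). */
int check_savefile_header(const unsigned char *buf, size_t len,
                          struct savefile_info *out)
{
    uint32_t magic, snaplen, linktype;
    int swapped;

    if (len < 24)
        return -1;
    memcpy(&magic, buf, 4);          /* offset 0: magic number */
    memcpy(&snaplen, buf + 16, 4);   /* offset 16: snapshot length */
    memcpy(&linktype, buf + 20, 4);  /* offset 20: link-layer type */
    if (magic == 0xa1b2c3d4u || magic == 0xa1b23c4du)
        swapped = 0;                 /* written in this host's byte order */
    else if (magic == 0xd4c3b2a1u || magic == 0x4d3cb2a1u)
        swapped = 1;                 /* written in the opposite byte order */
    else
        return -2;
    out->snaplen = swapped ? swap32(snaplen) : snaplen;
    out->linktype = swapped ? swap32(linktype) : linktype;
    return out->snaplen == 0 ? -3 : 0;
}

int main(void) {
    struct savefile_info i;
    int rc = check_savefile_header(sample_header, sizeof sample_header, &i);
    printf("rc=%d snaplen=%u linktype=%u\n", rc, (unsigned)i.snaplen, (unsigned)i.linktype);
    return rc;
}
```

Compare the reported link type against the one the capture interface actually uses (1 for Ethernet); a mismatch is the symptom described above.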