On Dec 26, 2009, at 3:13 PM, Chris Morgan wrote:
> Ahh, so ps_drop might work for this.
>
> Users are reporting issues on Windows with the latest winpcap release
> but I do a lot of my testing under Linux, Ubuntu 9.10, 2.6.31 x64. I'd
> be doing the drop testing under Linux initially. On Linux it's pcap
> version 2.4 from pcap.h although the package is listed as version 0.8.
Actually, it's file format version 2.4. Somewhat confusingly,
PCAP_VERSION_MAJOR and PCAP_VERSION_MINOR are the major and minor version
numbers of the pcap file format, not of the pcap library.
The best way to get the version number of the libpcap library is probably to
run "tcpdump -h":
$ tcpdump -h
tcpdump version 4.0.0
libpcap version 1.0.0
Usage: tcpdump [-aAdDefIKlLnNOpqRStuUvxX] [ -B size ] [ -c count ]
[ -C file_size ] [ -E algo:secret ] [ -F file ] [ -G seconds ]
[ -i interface ] [ -M secret ] [ -r file ]
[ -s snaplen ] [ -T type ] [ -w file ] [ -W filecount ]
[ -y datalinktype ] [ -z command ] [ -Z user ]
[ expression ]
and, yes, even with a package listed as version 0.8, the libpcap version might
be something else - for some reason, Debian (and Ubuntu) call it "libpcap 0.8"
even though they've upgraded to a later version of the library.
Alternatively, if libpcap on your system has the pcap_lib_version() routine, it
returns a pointer to a character string giving the version number of libpcap,
so your application could use that (that's what tcpdump uses, if available).
Otherwise, the library might define an external variable "pcap_version", which
is a char array ("extern char pcap_version[]") with a string containing a
version number for libpcap (again, that's what tcpdump uses if it's available
and pcap_lib_version() isn't).
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
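
The distinction drawn in the reply above, as an added example that is not part of the original message or of tcpdump/libpcap: it reads the file format version from a pcap global header and, separately, asks the installed library for its own version via pcap_lib_version(), falling back to pcap_version[]. The helper names and the sample header are constructed here; it assumes the shared library can be located under the name "pcap".

```python
import ctypes
import ctypes.util
import struct

# Magic numbers of the classic pcap file header (microsecond and nanosecond variants).
PCAP_MAGICS = (0xA1B2C3D4, 0xA1B23C4D)

def file_format_version(header: bytes):
    """Return (major, minor) of the pcap *file format* from a 24-byte global header."""
    if len(header) < 24:
        raise ValueError("pcap global header is 24 bytes")
    for endian in ("<", ">"):  # the writer's byte order is detected from the magic
        magic, major, minor = struct.unpack(endian + "IHH", header[:8])
        if magic in PCAP_MAGICS:
            return major, minor
    raise ValueError("not a classic pcap file header")

def library_version():
    """Return the libpcap *library* version string, or None if it cannot be found."""
    path = ctypes.util.find_library("pcap")  # assumption: library is named "pcap"
    if path is None:
        return None
    try:
        lib = ctypes.CDLL(path)
    except OSError:
        return None
    try:
        # Preferred: pcap_lib_version() returns a pointer to a version string.
        fn = lib.pcap_lib_version
        fn.restype = ctypes.c_char_p
        fn.argtypes = []
        return fn().decode("ascii", "replace")
    except AttributeError:
        pass
    try:
        # Fallback: the external char array pcap_version[].
        sym = ctypes.c_char.in_dll(lib, "pcap_version")
        return ctypes.string_at(ctypes.addressof(sym)).decode("ascii", "replace")
    except ValueError:
        return None

# Constructed sample: global header of a little-endian capture, format 2.4,
# snaplen 65535, link type 1 (Ethernet).
SAMPLE_HEADER = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)

if __name__ == "__main__":
    print("file format version:", "%d.%d" % file_format_version(SAMPLE_HEADER))
    print("library version:", library_version() or "libpcap not found")
```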