On Mar 15, 2013, at 9:07 AM, wen lui <esolvepol...@gmail.com> wrote:
> I used libpcap function pcap_next() to capture some tcp packets I checked > the bytes of the captured packets and notice that the ethernet and ip > header of packets are distorted, in a mess with a lot 0's but the TCP > header is fine > > what are potential reasons for this? One potential reason could be that the program calls pcap_next(), then calls pcap_close(), and then tries to use the data pointed to by the pointer returned by pcap_next(), which isn't going to work: http://stackoverflow.com/questions/15436969/why-the-ethernet-and-ip-header-of-packets-which-are-captured-by-libpcap-functio/ If that's the reason, only call pcap_close() when you're finished processing all packets. _______________________________________________ tcpdump-workers mailing list tcpdump-workers@lists.tcpdump.org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers