On Mar 15, 2013, at 9:07 AM, wen lui <esolvepol...@gmail.com> wrote:
> I used libpcap function pcap_next() to capture some tcp packets I checked
> the bytes of the captured packets and notice that the ethernet and ip
> header of packets are distorted, in a mess with a lot 0's but the TCP
> header is fine
>
> what are potential reasons for this?
One potential reason could be that the program calls pcap_next(), then calls
pcap_close(), and then tries to use the data pointed to by the pointer returned
by pcap_next(), which isn't going to work:
http://stackoverflow.com/questions/15436969/why-the-ethernet-and-ip-header-of-packets-which-are-captured-by-libpcap-functio/
If that's the reason, only call pcap_close() when you're finished processing
all packets.
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
