I used pcap_dispatch() the manpage says when readding live capture, only 1 bufferful of packets is read at a time, I was wondering what the "1 bufferful packets means"? suppose I set the cnt to be large enough to hold all pakcets sent from node, will my callback be called untill after it read the cnt number of packets ?
chris, sun ----- Original Message ----- From: "Guy Harris" <[EMAIL PROTECTED]> To: "Chris sun" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Tuesday, November 18, 2003 2:02 PM Subject: Re: [tcpdump-workers] live capture questions > > On Nov 18, 2003, at 7:38 AM, Chris sun wrote: > > > I was using libpcap to do some node discovery work, initially, I > > send a broadcast to all nodes on the network, each node will reply to > > this broad cast with it's unique ID. I opened pcap in live capture > > mode. Since in live capture mode, i can only read 1 packet per > > capture. > > What do you mean "in live capture mode, i can only read 1 packet per > capture"? There is no restriction in libpcap that causes "pcap_loop()" > always to quit after 1 packet, nor does a "pcap_t" supply only one > packet ever. > > If you mean that if you explicitly tell "pcap_loop()" to see only one > packet, by passing 1 as the "cnt" argument, you'll only get one packet > - but if you're going to send a discovery broadcast and wait for > responses from multiple machines, you shouldn't do that. > > > i wonder if all the nodes try to send reply at the same time to my > > host machine(the one captures the packet), how do i make sure i will > > read all reply packet ? I am using pacap_dispatch() function. > > Use "pcap_dispatch()" in a loop - or use "pcap_loop()", which does the > loop for you. > > However, you can't be "sure" you will read all the reply packets, > because you don't know when you've gotten the last one (the only way to > know that is to know how many will be sent - but if you're doing node > discovery, you presumably don't know how many will be sent, because you > don't know how many nodes there will be). > > What you need to do is to keep reading packets with "pcap_dispatch()", > or use "pcap_loop()", and quit only after some amount of time has > passed. > > - > This is the TCPDUMP workers list. It is archived at > http://www.tcpdump.org/lists/workers/index.html > To unsubscribe use mailto:[EMAIL PROTECTED] - This is the TCPDUMP workers list. It is archived at http://www.tcpdump.org/lists/workers/index.html To unsubscribe use mailto:[EMAIL PROTECTED]
