On Dec 29, 2011, at 10:30 PM, homeryan wrote:
> I am processing a hybrid pcap file using libpcap and filter expression.
Then the right place to ask is tcpdump-work...@lists.tcpdump.org, as per
http://www.tcpdump.org/
The name nonwithstanding, that list is for both libpcap and tcpdump, and both
for people working on both of them and for people using both of them.
> // open pcap file
> if ((fp = pcap_open_offline(pcapfilename.c_str(), errbuf)) == NULL)
> {
> cout << "file open failed" << endl;
> return 0;
> }
(You probably also want to print the contents of errbuf there, to indicate
*why* the file open failed, but, as the file open isn't failing, that's not
part of the issue you're having.)
> I'm assure that the pcap file has many packets with tcp dest port 80,
So are they IPv4 packets sent to TCP port 80, IPv6 packets sent to TCP port 80,
or both?
If they're only IPv6 packets sent to TCP port 80 - i.e., if there are no IPv4
packets sent to TCP port 80 - what happens if you make the filter "ip6 and tcp
dst port 80"? If that string doesn't give an error from pcap_compile() (this
is a test to make sure your version of libpcap is not so old as not to have
IPv6 support or not to include that support by default), what happens if you
open the file in, for example, Wireshark (which you presumably have, as you're
sending this to the Wireshark list)? Do those packets have, for example,
extension headers?
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
