[Winpcap-users] snaplen in pcap_open_live

Carlo Medas carlomedas at gmail.com
Sat Sep 20 15:15:42 GMT 2008


Dear Guy and Gianluca,
thank you very much for the prompt reply; with your suggested correction it
worked perfectly on all platforms.

Keep up the amazing work.

Br,
Ciao,

\Carlo

On Fri, Sep 19, 2008 at 9:44 PM, Guy Harris <guy at alum.mit.edu> wrote:

> On Sep 19, 2008, at 9:40 AM, Gianluca Varenni wrote:
>
>> snaplen is used only if you use a capture filter, as the snaplen feature
>> is implemented as a filter. This is the standard behavior of snaplen on
>> libpcap/winpcap.
>
> ...at least on *BSD, Mac OS X, and Windows.  In Linux, the return value of
> the BPF filter program isn't treated as a snapshot length, and, on some
> other platforms, the BPF filter isn't even handed to the kernel - in those
> cases, the snapshot length is supplied elsewhere, which is why the snapshot
> length might happen to work without a capture filter on Linux when it
> doesn't work on Windows (or *BSD or Mac OS X).
>
>
>> If you want to use snaplen and you don't need a filter, please compile an
>> empty filter (i.e. the string "").
>>
>
> Yes.  This, arguably, should be fixed, so that, if a snapshot length <
> 65535 is specified, and no capture filter is specified, a trivial BPF
> program (ret {snapshot length}) is installed with BPF and WinPcap.
>
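
The behaviour described in the quoted replies, as an added example that is not part of the original thread and is not libpcap or WinPcap code: a small model of a capture path where the filter's return value is the number of bytes kept. The names `delivered_len`, `with_trivial_filter` and `with_ip_filter` and the sample frames are constructed for illustration, and the model assumes that with no filter installed the whole packet is delivered.

```c
#include <stdint.h>
#include <stdio.h>

/* Same fields as a classic BPF instruction (struct bpf_insn). */
struct insn { uint16_t code; uint8_t jt, jf; uint32_t k; };
#define OP_RET_K   0x06 /* BPF_RET|BPF_K: return constant k */
#define OP_LDH_ABS 0x28 /* BPF_LD|BPF_H|BPF_ABS: A = 16 bits at offset k */
#define OP_JEQ_K   0x15 /* BPF_JMP|BPF_JEQ|BPF_K: branch on A == k */
/* Constructed sample frames: only the EtherType (bytes 12-13) is set. */
const uint8_t ip_frame[1514] = { [12] = 0x08, [13] = 0x00 };
const uint8_t arp_frame[60]  = { [12] = 0x08, [13] = 0x06 };

/* Minimal interpreter for the three opcodes above; returns the filter's value. */
static uint32_t run_filter(const struct insn *p, size_t n, const uint8_t *pkt, uint32_t len) {
    uint32_t a = 0;
    for (size_t i = 0; i < n; i++) {
        uint32_t k = p[i].k;
        if (p[i].code == OP_RET_K) return k;
        else if (p[i].code == OP_JEQ_K) i += (a == k) ? p[i].jt : p[i].jf;
        else if (p[i].code == OP_LDH_ABS && len >= 2 && k <= len - 2)
            a = ((uint32_t)pkt[k] << 8) | pkt[k + 1];
        else return 0; /* unsupported opcode or out-of-bounds load: reject */
    }
    return 0;
}

/* Hypothetical model of the capture path: bytes handed to the application, 0 = dropped. */
uint32_t delivered_len(const struct insn *p, size_t n, const uint8_t *pkt, uint32_t wirelen) {
    if (p == NULL) return wirelen; /* no filter installed: snaplen never applied */
    uint32_t keep = run_filter(p, n, pkt, wirelen);
    return keep < wirelen ? keep : wirelen; /* filter return value caps the length */
}

/* The trivial program proposed in the thread: ret {snapshot length}. */
uint32_t with_trivial_filter(uint32_t snaplen, const uint8_t *pkt, uint32_t wirelen) {
    struct insn prog[] = { { OP_RET_K, 0, 0, snaplen } };
    return delivered_len(prog, 1, pkt, wirelen);
}

/* An "ip" filter on Ethernet: accept returns snaplen, reject returns 0. */
uint32_t with_ip_filter(uint32_t snaplen, const uint8_t *pkt, uint32_t wirelen) {
    struct insn prog[] = { { OP_LDH_ABS, 0, 0, 12 }, { OP_JEQ_K, 0, 1, 0x0800 },
                           { OP_RET_K, 0, 0, snaplen }, { OP_RET_K, 0, 0, 0 } };
    return delivered_len(prog, 4, pkt, wirelen);
}

int main(void) { /* no filter, ret 96, "ip" on IPv4, "ip" on ARP */
    printf("%u %u ", (unsigned)delivered_len(NULL, 0, ip_frame, 1514), (unsigned)with_trivial_filter(96, ip_frame, 1514));
    printf("%u %u\n", (unsigned)with_ip_filter(96, ip_frame, 1514), (unsigned)with_ip_filter(96, arp_frame, 60));
}
```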