StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

PO
primarykey
Id
17409867
data
AcceptedAnswerId
0
AnswerCount
0
ClosedDate
CommentCount
0
CommunityOwnedDate
CreationDate
2013-07-01T17:03:34.200
FavoriteCount
0
LastActivityDate
2013-07-01T17:03:34.200
LastEditDate
LastEditorUserId
0
OwnerUserId
0
ParentId
17159733
PostTypeId
2
Score
1
ViewCount
0
LastEditorDisplayName
text
Body
<blockquote> <pre><code>while (packet = pcap_next(handle,&header)) { u_char *pkt_ptr = (u_char *)packet; </code></pre> </blockquote> Don't do that; you're throwing away the <code>const</code>, and you really should NOT be modifying what the return value of <code>pcap_next()</code> points to. <blockquote> <pre><code> struct ip *ip_hdr = (struct ip *)pkt_ptr; //point to an IP header structure </code></pre> </blockquote> That will point to an IP header structure ONLY if <code>pcap_datalink(handle)</code> returns <code>DLT_RAW</code>, which it probably will NOT do on most devices. If, for example, <code>pcap_datalink(handle)</code> returns <code>DLT_EN10MB</code>, <code>packet</code> will point to an Ethernet header (the <code>10MB</code> is historical - it's used for all Ethernet speeds other than the ancient historical 3MB experimental Ethernet at Xerox, which had a different header type). See <a href="http://www.tcpdump.org/linktypes.html" rel="nofollow">the list of link-layer header type values</a> for a list of the possible <code>DLT_</code> types. <blockquote> <pre><code> struct pcap_pkthdr *pkt_hdr =(struct pcap_pkthdr *)packet; </code></pre> </blockquote> That won't work, either. The <code>struct pcap_pkthdr</code> for the packet is in <code>header</code>. <blockquote> <pre><code> unsigned int packet_length = pkt_hdr->len; </code></pre> </blockquote> As per my earlier comment, that won't work. Use <code>header.len</code> instead. (And bear in mind that, if a "snapshot length" shorter than the maximum packet size was specified in the <code>pcap_open_live()</code> call, or specified in a <code>pcap_set_snaplen()</code> call between the <code>pcap_create()</code> and <code>pcap_activate()</code> calls, <code>header.caplen</code> could be less than <code>header.len</code>, and only <code>header.caplen</code> bytes of the packet data will actually be available.) <blockquote> <pre><code> unsigned int ip_length = ntohs(ip_hdr->ip_len); </code></pre> </blockquote> And, as per my earlier comment, that probably won't work, either.
Tags
Title
singulars
PostAcceptedAnswerId
1. This table or related slice is empty.
PostParentId
1. POlibpcap read packet size
 singulars
 PostTypePostTypeId
 PTQuestion
PostTypePostTypeId
1. PTAnswer
UserLastEditorUserId
1. This table or related slice is empty.
UserOwnerUserId
1. This table or related slice is empty.
plurals
PostLinksPostIdRelatedPostId
1. This table or related slice is empty.
PostLinksRelatedPostIdPostId
1. This table or related slice is empty.
PostsAcceptedAnswerId
1. POlibpcap read packet size
 singulars
 PostTypePostTypeId
 PTQuestion
PostsParentIdCreationDate
1. This table or related slice is empty.
VotesPostIdCreationDate
1. VO
 singulars
 PostPostId
 PO
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
2. VO
 singulars
 PostPostId
 PO
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTAcceptedByOriginator
CommentsPostId
1. This table or related slice is empty.

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.