Guy Harris
Guy Harris
That could cause the time stamps to drift from the system time. WinPcap and Npcap support multiple time stamping mechanisms; Npcap supports using `KeQuerySystemTimePrecise()` on Windows 8 and later (it's...
What happens if you run with `-vv` which, it appears, will cause the programs to report errors from libpcap calls? (And why are those not *ALWAYS* reported? "Error while performing...
> Not more, unfortunately: So either 1) running with four `-v`s doesn't cause `idata->verbose_f` in `ipv6_to_ether()` to be set to a value > 1 or 2) `foundaddr` isn't set to...
OK, try that again, but with tcpdump running with a filter of "icmp6 and ip6[7]==255 and ip6[40]==136 and ip6[41]==0".
tcpdump with the filter - which is also the filter used by ipv6tools when looking for a Neighbor Advertisement - saw the Neighbor Advertisements, so the filter doesn't seem to...
By the way, if you're willing to require libpcap 1.5 or later: The various packet batching mechanisms are oriented towards packet capture, where immediate delivery isn't a priority but reducing...
For the Internet checksum, used in the protocols you mention, the Wireshark code is in epan/in_cksum.c; it's based on the BSD checksum code.
> As I feared, that code is not usable for me. If "that code" refers to the code from Wireshark, then: > I can't figure out what it is doing....
> It is wireshark code that I cannot figure out. Ignore it. The only part of the Wireshark checksumming code of interest to anybody not doing Wireshark development is the...
Does this work for rpcap-over-TLS connections?