Ethereal-dev: Re: [ethereal-dev] yep, damnit... it's the linux kernel screwing with the packet

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxx>
Date: Wed, 8 Dec 1999 14:51:31 -0800 (PST)
> How annoying... Should ethereal do any handling of this, or should we
> consider it being broke, and not care?

Well, there might be some heuristics that could cope with it -
unfortunately, we'd have to know whether the capture file came from a
Linux system, and "we're running on Linux/not running on Linux" doesn't
necessarily correctly tell us that.

*I* consider the Linux mechanism broken - if you have a mechanism in
your OS that purports to deliver raw copies of all packets sent
from/received on your machine (or, if promiscuous, all packets on your
network segment), I think it reasonable to expect that you'll get the
raw data from those packets, exactly as they appeared on the wire.

If nothing else, they could perhaps do a copy-on-write on the packet, so
that the copy handed to the raw packet socket doesn't get munged, and do
so only if there *is* a raw packet socket.