On Wed, Mar 31, 2004 at 01:43:52PM -0800, Joyce Lin wrote:
> I am working with a prgm that uses the libpcap code to capture
> packets. One of the parameters that can be passed to pcap_open_live is
> the "promiscuous" boolean... I wanted to use the program to capture in
> both promiscuous and non-promiscuous modes... Two problems arose - I
> had been capturing packets in promiscuous mode successfully. Then when
> I passed "false" to pcap_open_live, the resulting capture (using
> pcap_dispatch) was still in promiscuous mode.
(These aren't really Ethereal questions - they're probably best sent to
the tcpdump-workers@xxxxxxxxxxx mailing list.)
I assume "false" had the value 0? If not, that won't work.
I presume you know that it was in promiscuous mode because you got
packets that weren't sent to the machine running the program, weren't
sent *by* the machine running the program, and weren't broadcast or
multicast packets? (In "sent to the machine running the program", "to"
means "at the link layer".)
Note also that if anything *else* was running in promiscuous mode on
that interface, at least on some OSes, *everything* capturing on it will
be in promiscuous mode.
