Wireshark-dev: Re: [Wireshark-dev] source code
From: "Maria de Fatima Requena" <[email protected]>
Date: Fri, 4 Apr 2008 11:58:29 +0200
Thank you sooooooooo much. I have almost arrived to that (right file, but it was getting harsh to find the exact lines)

For capture_opts->promisc_mode, I think it is just TRUE or FALSE in source code. Im experimenting with using 16 value (max_responsiveness) to soft packet loss at my application. I have also changed timeout at pcap_open to several values, but I don’t get much

Any other ideas to prevent packet loss without having to implement pipes to decouple disk writing from packet reading? 

María de Fátima Requena Cabot (2488)
+34 91 787 23 00 alhambra-eidos.es

-----Mensaje original-----
De: [email protected] [mailto:[email protected]] En nombre de Guy Harris
Enviado el: viernes, 04 de abril de 2008 11:22
Para: Developer support list for Wireshark
Asunto: Re: [Wireshark-dev] source code

Maria de Fatima Requena wrote:

> Does anyone know where (which files) is the code for telling skinny packets apart

I.e., the code that recognizes that a given packet is a Skinny Client 
Control Protocol packet?

That's dissect_skinny() in epan/dissectors/packet-skinny.c.

> and for the capture of packets in general?

The capture code is in dumpcap.c.  It's compiled into a program called 
dumpcap, along with some other source files; both Wireshark and TShark 
run that program to do capturing.  (That way, if the code that does 
capturing has to run with privileges, Wireshark and TShark themselves, 
with their 1.5 million lines of dissector code, don't have to run with 
privileges, so if there's a vulnerability in them, the damage they can 
do is limited.)
Wireshark-dev mailing list
[email protected]