Recently, my job involved capturing the data which the STB communicates with BOSS. I connected my computer to the STB using a 10M hub in sharing mode (not switching mode). Then, using Wireshark, I do capture the desired data, but using my program, I cannot capture any more. My program is linked with the libpcap library. What's more, I downloaded several network analyzing tools, and none of them can work as I desired and capture the desired data. So, I need to understand how Wireshark avoids the bug my program runs up against, and what the flow is in which Wireshark captures data from the network.

PS. I am from ShenZhen City, China, and glad to receive replies from foreign friends.

asked 22 May '12, 01:03 coolio
edited 22 May '12, 17:43 cmaynard ♦♦
3 Answers:
You can download the source code of Wireshark and learn how it works.
It might help troubleshooting your own tool. Furthermore, I recommend these links:
Regards

answered 22 May '12, 01:23 Kurt Knochner ♦
Are you capturing in promiscuous mode? What's the code in your program that opens the capture device (

answered 22 May '12, 11:31 Guy Harris ♦♦
If the traffic you're trying to capture is PPPoE traffic, and you're using a capture filter, and

answered 25 May '12, 09:41 Guy Harris ♦♦
Dear Kurt:

First of all, thank you very much for your kind and timely help. The suggestions and articles you advised are of high quality, and from them I have learned much knowledge about libpcap. Keeping track of clues provided in libpcap-programming.pdf, I have solved my program's bug smoothly, which is about the data encapsulation method in the network protocol. I checked the data byte-by-byte, and found that between the Ethernet head part and the IP head part, there are 8 bytes organized in the PPPoE protocol. So in order to debug my program, I should let the filter expression be NULL, and pay attention to the PPPoE bytes.

Best wishes to your work and life.

Regards
Coolio
Jetsen Co. Ltd, ShenZhen, China
Coolio,
I'm glad I was able to help.
BTW: If you like my answer, you can mark it as the correct answer.
Thanks
Kurt
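
The 8 bytes found between the Ethernet and IP headers in this thread are the 6-byte PPPoE session header plus the 2-byte PPP protocol ID. The following is an added example, not code from the thread or from Wireshark: it locates the IPv4 header in a captured frame with or without PPPoE and rejects truncated or malformed input. The function name `ipv4_offset` and the sample frame are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ETH_HDR_LEN      14      /* dst MAC + src MAC + EtherType */
#define ETHERTYPE_IPV4   0x0800
#define ETHERTYPE_PPPOES 0x8864  /* PPPoE session stage */
#define PPPOE_HDR_LEN    6       /* ver/type, code, session id, length */
#define PPP_PROTO_IPV4   0x0021

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Hypothetical helper: return the offset of the IPv4 header in an Ethernet
 * frame, or -1 if the frame is too short, malformed, or not IPv4. */
int ipv4_offset(const uint8_t *f, size_t caplen)
{
    if (caplen < ETH_HDR_LEN) return -1;
    uint16_t type = be16(f + 12);
    size_t off = ETH_HDR_LEN;

    if (type == ETHERTYPE_PPPOES) {
        /* 6-byte PPPoE header + 2-byte PPP protocol id = the 8 extra bytes */
        if (caplen < off + PPPOE_HDR_LEN + 2) return -1;
        /* version 1 / type 1, code 0x00 (session data) */
        if (f[off] != 0x11 || f[off + 1] != 0x00) return -1;
        if (be16(f + off + PPPOE_HDR_LEN) != PPP_PROTO_IPV4) return -1;
        off += PPPOE_HDR_LEN + 2;
    } else if (type != ETHERTYPE_IPV4) {
        return -1;
    }
    /* Require a full minimal IPv4 header and version nibble 4 */
    if (caplen < off + 20 || (f[off] >> 4) != 4) return -1;
    return (int)off;
}

/* Constructed sample: Ethernet + PPPoE session + PPP(IPv4) + 20-byte IPv4 header */
const uint8_t sample_pppoe[] = {
    0x00,0x11,0x22,0x33,0x44,0x55, 0x66,0x77,0x88,0x99,0xaa,0xbb, 0x88,0x64,
    0x11,0x00, 0x00,0x01, 0x00,0x16, 0x00,0x21,
    0x45,0x00,0x00,0x14, 0x00,0x00,0x00,0x00, 0x40,0x06,0x00,0x00,
    0xc0,0x00,0x02,0x01, 0xc0,0x00,0x02,0x02 };

int main(void)
{
    printf("IPv4 header at offset %d\n",
           ipv4_offset(sample_pppoe, sizeof sample_pppoe));
    return 0;
}
```

In a libpcap callback the same function would be called with the packet pointer and the header's `caplen`, so a short snap length cannot cause a read past the captured bytes.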