This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Is there any difference between libpcap’s Packet buffer and wireshark’s tvbuff

0

Is there any difference between libpcap's Packet buffer and wireshark's tvbuff ???

asked 23 Nov '12, 04:21

Akhil's gravatar image

Akhil
53272831
accept rate: 0%

edited 23 Nov '12, 09:26

grahamb's gravatar image

grahamb ♦
19.8k330206

One Answer:

0

as that's totally different data structures, it might be better to ask if there is anything they have in common ;-).

The only two things I can see:

  • they are both data structures that hold the bytes of network packets (somewhere in the data structure)
  • the language used is C

What's the background of your question?

Regards
Kurt

answered 23 Nov '12, 11:19

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

1.)Does both the buffers for a single packet point to the same memory location? 2.)Can wireshark dissector process packet buffer?

(25 Nov '12, 20:03) Akhil

1)No

2)? Wireshark reads from a file and "loads" the data into a tvb.

(26 Nov '12, 01:36) Anders ♦

1)Then what is the role of packet buffer?

2)From where does the packet comes into the file?

3)what is the name of the file?

(26 Nov '12, 19:43) Akhil

1)You should ask the libpcap people that :-) http://www.tcpdump.org/pcap3_man.html

2)Somthing like this, but you should read the code to find out. Libpcap/WinPcap->dumpcap->"file"->Wireshark

3) It's a temp file with a unique file name prefixed with WS You can find the location from the menu bar help->About folders.

(27 Nov '12, 00:14) Anders ♦