> Sometimes the text is displayed in the capturing window, of course
> everything is
> 0%, and sometimes the text does not appear at all.
Have you modified the "libpcap" library that comes with the OS?
If not, that's the problem - the vanilla "libpcap" library, and even the
mutant "libpcap" that comes with Red Hat 6.1, doesn't fully implement
the "libpcap" API, and Ethereal, when capturing packets, depends on one
of the features unimplemented in the Linux version; without it, it
waits forever for a packet to arrive, rather than being able to check
for user input, etc. every 1/4 second.
Try installing the source (I think the SRPM is, irritatingly enough,
named "tcpdump-3.4" or something, with "libpcap" and "tcpdump" bundled
into it, rather than there being separate SRPMs with names corresponding
to the names of the RPMs) and, after applying the patches in the SRPM
(or is there some way in Red Hat to install an SRPM and get the patches
applied automatically?), try applying the attached patch (which is a
variant of our standard patch, as described in the "README.linux" file
in the source tree, for the Red Hat 6.1 version of "libpcap").
*** pcap-int.h.dist Thu Oct 14 20:24:53 1999
--- pcap-int.h Fri Dec 24 12:19:09 1999
***************
*** 76,81 ****
--- 76,82 ----
int linktype;
int tzoff; /* timezone offset */
int offset; /* offset for proper alignment */
+ struct timeval timeout; /* packet timeout when reading live traffic */
struct pcap_sf sf;
struct pcap_md md;
*** pcap-linux.c.dist Thu Oct 14 20:24:53 1999
--- pcap-linux.c Fri Dec 24 12:18:42 1999
***************
*** 29,34 ****
--- 29,35 ----
#include <sys/time.h>
#include <sys/types.h>
#include <sys/uio.h>
+ #include <fcntl.h>
#include <net/if.h>
#ifdef HAVE_NET_IF_ARP_H
***************
*** 261,266 ****
--- 262,268 ----
struct sockaddr_ll from;
int fromlen;
int snaplen = p->snapshot;
+ struct timeval timeout;
#ifdef PACKET_TRECV
if (p->buffer == NULL)
***************
*** 271,276 ****
--- 273,301 ----
bufsize = p->bufsize;
for (;;) {
+ if (timerisset(&p->timeout)) {
+ /*
+ * Delay no more than the specified amount of
+ * time waiting for a packet to arrive, by
+ * using "select()" with that as a timeout
+ * to wait for the packet. Return 0 if no
+ * packet arrives.
+ */
+ fd_set set1;
+
+ FD_ZERO(&set1);
+ FD_SET(p->fd, &set1);
+
+ /*
+ * Linux modifies the timeout value, so we need to re-initialize
+ * it each time.
+ */
+ timeout.tv_sec = p->timeout.tv_sec;
+ timeout.tv_usec = p->timeout.tv_usec;
+ if (select(p->fd+1, &set1, NULL, NULL, &timeout) == 0)
+ return (0);
+ }
+
fromlen = sizeof(from);
cc = recvfrom(p->fd, bp, snaplen, MSG_TRUNC, (struct sockaddr*)&from, &fromlen);
if (cc >= 0)
***************
*** 543,548 ****
--- 568,576 ----
#ifdef PACKET_TRECV
}
#endif
+
+ p->timeout.tv_sec = to_ms / 1000;
+ p->timeout.tv_usec = (to_ms * 1000) % 1000000;
return (p);
bad:
