Clickhouse  DHCP  DNS  Junos  Networks  OpenSSL  PCAP  Wiki.js 
C  C++  Chroot  Clickhouse  Compression  Databases  DHCP  DNS  Junos  Katex  Latex  Networks  OpenSSL  PCAP  Random  Wiki 
featured image pcapdroid.svg Image Source

More on Debian Jessie/Ubuntu Trusty packet capture woes

Jim Hague PCAP Networks PCAP C C++
Back in September I wrote about a problem we’d come across when capturing traffic with pcap_dispatch() or pcap_next_ex() on Ubuntu Trusty or Debian Jessie. When the traffic was slow, we saw packets not being captured. We’ve since done a bit more digging. The problem, we think, is a bug in the Linux kernel select() system call. With both pcap_dispatch() and pcap_next_ex() we’re using a central loop …
featured image pcapdroid.svg Image Source

Compressing pcap files

Jim Hague PCAP Networks PCAP compression
Here at Sinodun Towers, we’re often dealing with pcap DNS traffic capture files created on a far distant server. These files need to be compressed, both to save space on the server, and also to speed transfer to our machines. Traditionally we’ve used gzip for quick but basic compression, and xz when space was more important than CPU and we really needed the best compression we could get. At a …
featured image pcapdroid.svg Image Source

Packet capture woes with libpcap on Ubuntu Trusty and Debian Jessie

Jim Hague PCAP Networks PCAP C C++
Usually when you’re using libpcap to capture network traffic, your chief worry will be whether or not your application will keep up with the flow of traffic. Today, though, I’ve stubbed my toe on a problem with traffic that’s too slow. It happens with both Ubuntu Trusty and Debian Jessie. If there’s a gap between packets of more than about 50 milliseconds, the first packet to arrive after the gap …