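I am writing a sniffer using libpcap. My problem is that there is a 7-10 second delay between calling pcap_loop() or pcap_next() and actually getting packets (the callback being called). However, if I use Wireshark on the same device with the same filter, there is no such delay after I press the "Start" button. Why does my program have this delay, and is there a way to fix it?
I am working with an Atheros wifi chip. The device is put into monitor mode using
airmon-ng start wlan0
I am sure there is enough traffic to listen to, because I can see the packets in Wireshark. Thank you.
Answer 0 (score: 5)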
I'm using 10000
The to_ms argument to pcap_open_live() and pcap_set_timeout() is in milliseconds.
10000 milliseconds is 10 seconds.
Try using 1000, which is the value tcpdump uses - that'll reduce the delay to 1 second - or using 100, which is the value Wireshark uses - that'll reduce the delay to 1/10 second.
I read on a tutorial about this field: "on at least some platforms, this means that you may wait until a sufficient number of packets arrive before seeing any packets, so you should use a non-zero timeout"
The tutorial in question is the tcpdump.org "How to use libpcap" tutorial, and the passage in question was added in this CVS commit:
so I'm familiar with it. :-)
I'd have to spend some time looking at the Linux kernel code (again) to see what effect a timeout value of 0 would have on newer kernels. However, when writing code that uses libpcap/WinPcap to do live captures, you should always act as if you're writing code for such a platform; your code will then be more portable to other platforms and will not break if the behavior of a zero timeout changes.
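The buffering behaviour the answer describes, as a simplified model added here for illustration; it is not code from libpcap, the kernel, or the answer's author. The delivery rule, the function names and the traffic pattern are assumptions chosen to show how the timeout value bounds the wait for the first packet, and what a zero timeout does on a quiet link.

```c
#include <stdio.h>

/* Simplified model of a capture buffer (an assumption for illustration, not
 * libpcap or kernel source): buffered packets reach the application when the
 * buffer fills, or at the end of the to_ms period in which the first packet
 * arrived, whichever is earlier. to_ms == 0 disables the timer. */
long first_delivery_ms(const long *arrival_ms, int n, long pkt_len,
                       long buf_size, long to_ms)
{
    long used = 0, fill_time = -1;

    if (n <= 0)
        return -1;                       /* nothing ever arrives */
    for (int i = 0; i < n; i++) {        /* arrivals are sorted ascending */
        used += pkt_len;
        if (used >= buf_size) {          /* buffer full: delivered at once */
            fill_time = arrival_ms[i];
            break;
        }
    }
    if (to_ms == 0)
        return fill_time;                /* -1: packets wait indefinitely */

    long timer_time = (arrival_ms[0] / to_ms + 1) * to_ms;
    return (fill_time >= 0 && fill_time < timer_time) ? fill_time : timer_time;
}

/* Constructed traffic: n packets, one every 20 ms starting at t = 20 ms. */
void make_arrivals(long *out, int n)
{
    for (int i = 0; i < n; i++)
        out[i] = 20L * (i + 1);
}

int main(void)
{
    long t[50];
    const long timeouts[] = { 10000, 1000, 100, 0 };

    make_arrivals(t, 50);                /* 50 packets of 100 bytes = 5000 bytes */
    for (int i = 0; i < 4; i++)
        printf("to_ms=%5ld, 2 MiB buffer -> first delivery at %ld ms\n",
               timeouts[i], first_delivery_ms(t, 50, 100, 2L << 20, timeouts[i]));
    printf("to_ms=    0, 1000-byte buffer -> first delivery at %ld ms\n",
           first_delivery_ms(t, 50, 100, 1000, 0));
    return 0;
}
```

In this model a result of -1 means the packets are never handed to the application, which is the zero-timeout case the tutorial passage warns about.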