Wireshark · Wireshark-users: Re: [Wireshark-users] Packet capture point

Wireshark-users: Re: [Wireshark-users] Packet capture point

From: Guy Harris <guy@xxxxxxxxxxxx>

Date: Sun, 26 Apr 2009 11:23:51 -0700

On Apr 26, 2009, at 10:31 AM, Jacek Tranczewski wrote:

I'm using Linux Debian 2.6.26-1-686

The routine in 2.6.26.5 (and probably other recent versions of Linux,and older versions going back to some degree) that "wraps around"outgoing packets for capture is dev_queue_xmit_nit() in net/core/dev.c. It's called from dev_hard_start_xmit(), which is called fromdev_queue_xmit() for devices with no queue and qdisc_restart(), calledfrom __qdisk_run, called from qdisc_run(), for devices with a queue.

dev_queue_xmit_nit() is called before the device's hard_start_xmitroutine is called. That probably means the packet is handed tolibpcap at about the time that it's transmitted.

Follow-Ups:
- Re: [Wireshark-users] Packet capture point
  - From: Guy Harris

References:
- [Wireshark-users] Packet capture point
  - From: Jacek T .
- Re: [Wireshark-users] Packet capture point
  - From: Guy Harris
- Re: [Wireshark-users] Packet capture point
  - From: Jacek
- Re: [Wireshark-users] Packet capture point
  - From: Guy Harris
- Re: [Wireshark-users] Packet capture point
  - From: Jacek Tranczewski

Prev by Date: Re: [Wireshark-users] Out of sequence packets
Next by Date: Re: [Wireshark-users] Packet capture point
Previous by thread: Re: [Wireshark-users] Packet capture point
Next by thread: Re: [Wireshark-users] Packet capture point
Index(es):
- Date
- Thread