Problem using pcap packet sniffer

Posted on 2009-02-13
Last Modified: 2012-05-06

I am studying the code of a packet sniffer which is using pcap_loop to receive the packet bytes.

The packet handler is pcap_cb.

The problem is,

It returns different value of  pkthdr->len  and  pkthdr->caplen.

pkthdr->caplen = 68, pkthdr->len = 161

This results in capturing only 68 bytes in buf.  However I have to receive the full 161 bytes of data.

Can anyone please suggest me what should I change in order to get all 161 bytes in buf.

Thanks & Regards,

pcap_loop(device.dev_desc, -1, pcap_cb, (u_char *) &cb_data);

void pcap_cb(u_char *user, const struct pcap_pkthdr *pkthdr, const u_char *buf)


  struct packet_ptrs pptrs;

  struct pcap_callback_data *cb_data = (struct pcap_callback_data *) user;

  struct pcap_device *device = cb_data->device; 

  struct plugin_requests req;

  FILE *fp;

  int i;

  fp = fopen("/var/log/pmacct_logs.txt", "a+");  

  fprintf(fp, "pkthdr->caplen = %d, pkthdr->len = %d\n",pkthdr->caplen,pkthdr->len);


Open in new window

Question by:kamalkgarg
    1 Comment
    LVL 53

    Accepted Solution

    pkthdr->len is the total size of the packet.
    pkthdr->caplen is the size that was captured.

    If caplen = 68 < len, the most likely reason is that snaplen is still set to the default (68). Provide a higher snaplen value when you open the network device for capturing (using pcap_open_live).

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Highfive + Dolby Voice = No More Audio Complaints!

    Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

    Suggested Solutions

    Setting up Secure Ubuntu server on VMware 1.      Insert the Ubuntu Server distribution CD or attach the ISO of the CD which is in the “Datastore”. Note that it is important to install the x64 edition on servers, not the X86 editions. 2.      Power on th…
    This is a short and sweet, but (hopefully) to the point article. There seems to be some fundamental misunderstanding about the function prototype for the "main" function in C and C++, more specifically what type this function should return. I see so…
    The goal of this video is to provide viewers with basic examples to understand recursion in the C programming language.
    Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    10 Experts available now in Live!

    Get 1:1 Help Now