As a workaround, you can configure Nmap -disable-packet-ring -with-libpcap=included (an option that is passed along to libpcap's configure script).
#Wireshark pcap find packet dropped Patch
Please file bug reports with your distros to backport the patch if possible: da413ee This bug was fixed in Linux 3.19, and I can confirm that Nmap has no further issues on Linux 4.0.
#Wireshark pcap find packet dropped code
But the man page for pcap_setnonblock says that pcap_next "will not work in non-blocking mode." It looks like we should be able to eliminate that whole code block, but I don't think it will affect this issue. I don't know if this is related, but just above the pcap_select call in readip_pcap, we try to do a non-blocking read by doing pcap_setnonblock followed by pcap_next. The receive time on the packet is the same, so there's no difference in how fast the packet is processed the select call is the only thing delaying things. With the system libpcap, it waits the entire timeout (1 second for the first packet at least) before returning.
With our included libpcap, select returns almost immediately, since a packet is available on the pcap fd. Within readip_pcap, we call pcap_select (from libnetutil) to wait for a pcap fd to be available for reading. This sends exactly 1 SYN packet, receives exactly 1 SYNACK, and then the OS sends a RST (assuming no real network problems). Command to reproduce: nmap -n -Pn -p 80 -d -packet-trace. But I do see a solid reproducible difference between the two libpcaps in terms of time taken to get one packet. Ok, I'm not sure why packets are being dropped: maybe that's a bug on our end.
0 kommentar(er)
