
I have written an application which uses libpcap to capture packets. But the application can only capture a few packets; the traffic is about several kbps. But the captured traffic will be over 10Mbps if tcpdump is opened. When tcpdump is closed, the captured traffic drops to several kbps again.

Does anyone know why? Thank you very much.

Sorry, the code is not on this computer. I use pcap_loop to capture packets, just like tcpdump.

1 Answer


If you're calling pcap_open_live(), you're probably passing 0 as the "promisc" argument. If you're calling pcap_create() and pcap_activate(), you're probably not calling pcap_set_promisc() between those calls (or are passing pcap_set_promisc() a "promisc" argument of 0).

I.e., you're probably not turning promiscuous mode on, so your machine is only capturing traffic to and from your machine, not other traffic on the network. Tcpdump, by default, turns promiscuous mode on, so, while it's running, the adapter on which you're capturing, which is probably the same adapter as the one on which tcpdump is capturing, is in promiscuous mode, and you'll see other traffic on your network.
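The effect described in the answer above, as an added example that is not part of the original post and is neither libpcap nor driver code: a simplified C model of one adapter whose promiscuous state is shared by every capture open on it. All struct and function names, the MAC addresses and the sample frames are constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified model (an assumption for illustration): promiscuous mode is a
   property of the adapter, shared by every capture handle open on it.
   Multicast filtering and locally sent frames are left out. */
struct adapter { uint8_t mac[6]; int promisc_refs; };
struct capture { struct adapter *nic; bool promisc; };

static void capture_open(struct capture *c, struct adapter *nic, bool promisc) {
    c->nic = nic;
    c->promisc = promisc;
    if (promisc) nic->promisc_refs++;        /* adapter enters promiscuous mode */
}
static void capture_close(struct capture *c) {
    if (c->promisc) c->nic->promisc_refs--;  /* last one out restores filtering */
}

/* Would the adapter pass a frame with this destination MAC up to the host? */
static bool adapter_accepts(const struct adapter *nic, const uint8_t dst[6]) {
    static const uint8_t bcast[6] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
    if (nic->promisc_refs > 0) return true;
    return memcmp(dst, nic->mac, 6) == 0 || memcmp(dst, bcast, 6) == 0;
}

/* Constructed sample traffic on the wire: destination MACs only. */
static const uint8_t WIRE[5][6] = {
    {0x02, 0, 0, 0, 0, 0x01},                /* to this host */
    {0xff, 0xff, 0xff, 0xff, 0xff, 0xff},    /* broadcast */
    {0x02, 0, 0, 0, 0, 0x02}, {0x02, 0, 0, 0, 0, 0x03}, {0x02, 0, 0, 0, 0, 0x02},
};
/* Frames reaching every capture on the adapter, promiscuous handle or not. */
static size_t frames_delivered(const struct adapter *nic) {
    size_t n = 0;
    for (size_t i = 0; i < 5; i++) n += adapter_accepts(nic, WIRE[i]);
    return n;
}

int main(void) {
    struct adapter nic = {{0x02, 0, 0, 0, 0, 0x01}, 0};
    struct capture app, tcpdump;
    capture_open(&app, &nic, false);         /* promisc = 0, as the answer suspects */
    printf("app alone:       %zu frames\n", frames_delivered(&nic));
    capture_open(&tcpdump, &nic, true);      /* tcpdump's default */
    printf("tcpdump running: %zu frames\n", frames_delivered(&nic));
    capture_close(&tcpdump);
    printf("tcpdump closed:  %zu frames\n", frames_delivered(&nic));
    return 0;
}
```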