I'm trying to collect level 2 packets on my ethernet network. The only thing happening on that network is that a device is spitting out ieee1722/AVB frames.
I've installed WinPcap, and started with the most basic example. Each call to pcap_next_ex is returning 0, indicating that no packets have been received. I opened up Wireshark, and started monitoring on that interface -- and there, my program starts to receive packets.
I've tried this on two interfaces, the built in Intel I218-LM and a cheapo Ethernet-To-USB dongle. Both interfaces connected the to AVB network do not return frames until I start monitoring in Wireshark on that interface. Both will show the random office ethernet traffic when connected to that network, without the assist from Wireshark.
I've also tried calling pcap_set_datalink after pcap_open to set the link type to both DLT_EN10MB (no change) and DLT_RAW (function returns error). None of the other types seemed relevant for me.
Of course, Wireshark uses WinPcap itself, but I cannot figure out what Wireshark is doing to make this work. What's going on here?
Update: I noticed when my application exited, it also stopped the capture on Wireshark. I can have both active at the same time, but my application needs to start capturing first. I found Wireshark stops capturing after pcap_finalldevs_ex or pcap_open_live is called. I can't find how Wireshark is initializing any different than I am, although their code is kind of hard to follow because of all the conditional enable/disable blocks.
pcap_set_datalink. I didn't follow everything in there too close, so I'm going to eventually backtrack there. – flndr