Name
pcap_open_live — Prototype: pcap_t *pcap_open_live(const char *device, int snaplen, int promisc, int
to_ms, char *errbuf)
Synopsis
Purpose: pcap_open_live
is used to open a live
packet-capturing session from the network interface
device
(for example, eth0
on
Linux, or le0
on a Sun Sparc).
device
can be NULL
or
any
on recent Linux systems, in which case all
interfaces are used for packet capture. snaplen
specifies the length in bytes to be captured. If you want to capture
the entire packet, set this to more than the packet size, including
headers for the link type you are capturing from (65,535 should be
sufficient). promisc
should be
1
if the interface should be put into promiscuous
mode or 0
otherwise. When a network interface is
in promiscuous mode, and promiscuous mode is supported by the
underlying data link layer, it captures all traffic on the network,
regardless of whether it is intended for the host running the packet
capture. This does not have any effect if the device is set to
NULL
or any
. The parameter
to_ms
specifies a read timeout in milliseconds for
when read operations should not necessarily return immediately when a
packet is seen, therefore allowing us to capture multiple packets in
one read operation. to_ms
is not supported on all
platforms (for unsupported systems, this value is ignored), and is
useful mostly if you’re going to use
pcap_dispatch
in nonblocking mode. A value of
0
causes libpcap to wait
until packets arrive. pcap_open_live
returns
NULL
is the ...
Get Network Security Tools now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.