Name

pcap_dispatch — Prototype: int pcap_dispatch(pcap_t *p, int cnt, pcap_handler callback, u_char *user)

Synopsis

Purpose: pcap_dispatch captures and processes packets while observing read timeouts specified in pcap_open_live. The cnt parameter specifies the maximum number of packets that are to be processed. When reading from a live capture, 0 up to cnt packets can be processed depending on the status of the buffer. A cnt value of -1 processes all packets in the buffer or the entire file, if used on a saved file.

The function specified by callback is the name of a function of the prototype void callback(u_char *user, const struct pcap_pkthdr *header, const u_char *packet). This function is called for each packet. The user parameter is a user-specifiable value that is passed to the callback function when it is invoked, and can be NULL.

The function returns the number of packets processed if successful. 0 is returned if no packets were read (due to a read timeout, or if in nonblocking mode and no packets were available to be read), -1 if an error occurred, or -2 if a call to pcap_breakloop was made before any packets were captured. If an error has occurred, you can use pcap_perror() or pcap_geterr() to obtain the error message. Note that because of the way pcap_dispatch behaves with different platforms, it might not necessarily return immediately after a read timeout.
