Open the Network Interface

Once we have a network interface supplied by the user, or libpcap has located an appropriate interface, we can open the interface for packet capture:

pcap_t *handle;

errbuf[0] = '\0';  /* clear the buffer so a warning can be detected after the call */

handle = pcap_open_live (device,  /* device to sniff on */
       BUFSIZ,  /* maximum number of bytes to capture per packet */
       1, /* promisc - 1 to set card in promiscuous mode, 0 to not */
       0, /* to_ms - amount of time to perform packet capture in milliseconds */
          /* 0 = sniff until error */
       errbuf); /* error message buffer if something goes wrong */

if (handle == NULL)   /* there was an error */
  {
    fprintf (stderr, "%s\n", errbuf);
    exit (1);
  }

if (strlen (errbuf) > 0)
  {
    fprintf (stderr, "Warning: %s\n", errbuf);  /* a warning was generated */
    errbuf[0] = 0;    /* reset error buffer */
  }

pcap_t provides a packet-capture descriptor to the opened session which is used throughout the tool. pcap_t is a typedef of the pcap structure that is used internally within libpcap; however, the user should never need to know what this structure actually contains.

The prototype for pcap_open_live is as follows:

pcap_t *pcap_open_live(const char *device, int snaplen, int promisc, 
                       int to_ms, char *errbuf);

The pcap_open_live function is used to open network interfaces for packet capture, and as such it takes several parameters, as shown in Table 10-1.

Table 10-1. Parameters to pcap_open_live

Parameter    Description

device       The interface on which to capture traffic. This is either a string such as eth0, or any, or NULL, and it can be ...
