Configure Packet-Capture Options
Once we have an active packet-capture interface we can determine or set a number of options before we start capturing packets from the interface. For example, we can determine the type of interface that has been opened:
if (pcap_datalink (handle) != DLT_EN10MB)
{
fprintf (stderr, "This program only supports Ethernet cards!\n");
exit (1);
}The pcap_datalink function returns the type of the
underlying link layer from the pcap_t handle
passed to it.
The prototype for pcap_datalink is as follows:
int pcap_datalink(pcap_t *p)
This function will generate an error if the selected network interface was not an Ethernet interface (10MB, 100MB, 1000MB, or more). It is wise to check the data link type before trying to manipulate data captured from the network interface, as this determines what format the data is in.
The data link layers that libpcap can return include network data link types (such as Ethernet), as well as encapsulation types such as the common dial-up Point to Point Protocol (PPP) and OpenBSD pflog. Table 10-2 shows supported link types as of libpcap Version 0.8.3.
Table 10-2. Link layers supported by libpcap
|
Data link type |
Description |
|---|---|
|
DLT_EN10MB |
Ethernet devices, including 10MB, 100MB, 1000MB, and up |
|
DLT_IEEE802_11 |
802.11 wireless devices; can include all the different variants of 802.11, including 802.11, 802.11a, 802.11b, 802.11g, and so on |
|
DLT_NULL |
BSD loop-back encapsulation |
|
DLT_IEEE802 |
802.5 token ring devices |
|
DLT_ARCNET |
ARCNET devices ... |
Get Network Security Tools now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
