Capture and Process Packets

libpcap has several options for handling the capture and processing of packets. The three main functions for capturing and processing packets are shown in Table 10-4.

Table 10-4. libpcap packet-capture functions

Function

Prototype

Description

pcap_next_ex
 
int pcap_next_ex 
(pcap_t *p,
struct pcap_pkthdr **pkt_header,
const u_char **pkt_data)

Reads the next packet from the capture session, returning success or failure. The following values are returned:

1

Packet was read.

0

Timeout expired.

-1

An error occurred.

-2

Packets are being read from a saved file, and no more packets are available.

If the packet was read, the pkt_header and pkt_data pointers are set to the packet header and packet data, respectively.

pcap_dispatch
 
int pcap_dispatch
(pcap_t *p,
int cnt,
pcap_handler callback,
u_char *user)

Reads up to cnt packets from the session. A cnt value of -1 reads all packets in the buffer. pcap_dispatch uses a callback function (discussed in a bit) to process packets, and returns the number of packets processed. pcap_dispatch returns when a read timeout occurs on supported platforms.

The user value is a user-specified value to be passed to the callback function, and can be NULL.

pcap_loop
 
int pcap_loop
(pcap_t *p,
int cnt,
pcap_handler callback,
u_char *user)

Reads cnt packets from the session. pcap_loop uses a callback function to process packets, loops forever until cnt packets are processed (a value of -1 loops forever), and returns the ...

Get Network Security Tools now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial