Open the Network Interface
Once we have a network interface supplied by the user, or libpcap has located an appropriate interface, we can open the interface for packet capture:
```c
pcap_t *handle;

handle = pcap_open_live (device,  /* device to sniff on */
                         BUFSIZ,  /* maximum number of bytes to capture per packet */
                         1,       /* promisc - 1 to set card in promiscuous mode, 0 to not */
                         0,       /* to_ms - amount of time to perform packet capture in milliseconds */
                                  /* 0 = sniff until error */
                         errbuf); /* error message buffer if something goes wrong */

if (handle == NULL)   /* there was an error */
{
    fprintf (stderr, "%s", errbuf);
    exit (1);
}

if (strlen (errbuf) > 0)
{
    fprintf (stderr, "Warning: %s", errbuf);  /* a warning was generated */
    errbuf[0] = 0;    /* reset error buffer */
}
```
pcap_t provides a packet-capture descriptor to the opened session which is used throughout the tool. pcap_t is a typedef of the pcap structure that is used internally within libpcap; however, the user should never need to know what this structure actually contains.
The prototype for pcap_open_live is as follows:

```c
pcap_t *pcap_open_live(const char *device, int snaplen, int promisc, int to_ms, char *errbuf)
```
The pcap_open_live function is used to open network interfaces for packet capture, and as such it takes several parameters, as shown in Table 10-1.
Table 10-1. Parameters to pcap_open_live

| Parameter | Description |
|---|---|
| device | The interface on which to capture traffic. This is either a string such as |
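
The snaplen argument (BUFSIZ in the call above) caps how many bytes of each packet are stored, so code that later parses captured packets has to check the captured length before reading any header. The following is an added example, not code from the book: `struct cap_hdr`, `apply_snaplen`, `ipv4_src` and the sample frame are constructed for illustration, with `cap_hdr` standing in for the `caplen` and `len` fields of libpcap's `struct pcap_pkthdr` so that the block compiles without libpcap.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for the caplen/len fields of libpcap's
 * struct pcap_pkthdr, so this block compiles without libpcap. */
struct cap_hdr {
    uint32_t caplen; /* bytes actually stored, at most snaplen */
    uint32_t len;    /* bytes that were on the wire */
};

enum { PARSE_OK = 0, PARSE_TRUNCATED = -1, PARSE_NOT_IPV4 = -2, PARSE_MALFORMED = -3 };

/* Constructed sample: Ethernet header + 20-byte IPv4 header,
 * 192.0.2.1 -> 198.51.100.2 (checksum left as zero, not validated here). */
static const uint8_t sample_frame[34] = {
    0x02,0,0,0,0,0x02, 0x02,0,0,0,0,0x01, 0x08,0x00,
    0x45,0x00,0x00,0x14, 0,0,0,0, 0x40,0x06,0,0,
    192,0,2,1, 198,51,100,2
};

/* Effect of snaplen on one packet: min(wire_len, snaplen) bytes are kept. */
struct cap_hdr apply_snaplen(uint32_t wire_len, uint32_t snaplen)
{
    struct cap_hdr h = { wire_len < snaplen ? wire_len : snaplen, wire_len };
    return h;
}

/* Read the IPv4 source address without ever indexing past h->caplen. */
int ipv4_src(const struct cap_hdr *h, const uint8_t *pkt, uint32_t *src)
{
    const uint32_t eth = 14;                        /* Ethernet header length */
    if (h->caplen < eth) return PARSE_TRUNCATED;
    if (pkt[12] != 0x08 || pkt[13] != 0x00) return PARSE_NOT_IPV4;
    if (h->caplen < eth + 20) return PARSE_TRUNCATED; /* fixed IPv4 header cut off */
    const uint8_t *ip = pkt + eth;
    if ((ip[0] >> 4) != 4 || (ip[0] & 0x0f) < 5) return PARSE_MALFORMED;
    *src = (uint32_t)ip[12] << 24 | (uint32_t)ip[13] << 16 | (uint32_t)ip[14] << 8 | ip[15];
    return PARSE_OK;
}

int main(void)
{
    uint32_t src = 0;
    struct cap_hdr full = apply_snaplen(sizeof sample_frame, BUFSIZ);
    struct cap_hdr cut  = apply_snaplen(sizeof sample_frame, 24);
    int rc_full = ipv4_src(&full, sample_frame, &src);
    printf("snaplen=BUFSIZ: rc=%d src=0x%08x\n", rc_full, (unsigned)src);
    printf("snaplen=24:     rc=%d\n", ipv4_src(&cut, sample_frame, &src));
    return 0;
}
```

With a snaplen of 24 the frame's `len` is still 34 but only 24 bytes are stored, so the parser reports truncation instead of reading past the captured data.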