tcpdump mailing list archives
Re: Devices and adresses in libpcap
From: "David Rosal" <drosalri () gmail com>
Date: Sun, 13 Apr 2008 15:03:13 +0200
2008/4/13, Giovanni Venturi <giovanni () ksniffer org>:
You should add on the website what libpcap++ has in addition to libpcap in details,

Giovanni
Well, libpcap++ is only a wrapper, and it does not add any new feature to libpcap, except maybe the ability to retrieve some attributes of pcap descriptors that are hidden in libpcap.

In other words: all you can do with libpcap can be done with libpcap++, but with fewer lines of code, and in a cleaner and safer way.

Here's a little program that captures the first 10 TCP packets seen on interface wlan1, and writes them in a savefile called out. With error checking, of course.

First the C version:

8<-----------------------------------------
#include <err.h>
#include <pcap.h>

/* pcap_loop() callback: append each captured packet to the savefile */
static void handler(u_char *user, const struct pcap_pkthdr *header,
                    const u_char *datap)
{
    pcap_dump(user, header, datap);
}

int main()
{
    pcap_t* pcap;
    pcap_dumper_t* dumper;
    struct bpf_program bpf;
    char ebuf[PCAP_ERRBUF_SIZE + 1];

    /* errx() takes the exit status as its first argument */
    if (!(pcap = pcap_open_live("wlan1", 64, 1, 0, ebuf)))
        errx(1, "pcap_open_live(): %s", ebuf);
    if (pcap_compile(pcap, &bpf, "tcp", 0, 0) < 0)
        errx(1, "pcap_compile(): %s", pcap_geterr(pcap));
    if (pcap_setfilter(pcap, &bpf) < 0)
        errx(1, "pcap_setfilter(): %s", pcap_geterr(pcap));
    pcap_freecode(&bpf);
    if (!(dumper = pcap_dump_open(pcap, "out")))
        errx(1, "pcap_dump_open(): %s", pcap_geterr(pcap));
    if (pcap_loop(pcap, 10, handler, (u_char *)dumper) < 0)
        errx(1, "pcap_loop(): %s", pcap_geterr(pcap));
    pcap_close(pcap);
    pcap_dump_close(dumper);
}
------------------------------------------->8

Now the C++ version:

8<----------------------------------------
#include <pcap++.h>
#include <iostream>

using namespace pcappp;

void handler(Pcap& pcap, Packet const& pkt)
{
    pcap.get_dumper().dump(pkt);
}

int main()
{
    try {
        PcapLive pcap("wlan1");
        pcap.set_filter("tcp");
        pcap.get_dumper().open("out");
        pcap.loop(handler, 10);
    }
    catch (Exception& x) {
        std::cerr << x.what() << std::endl;
    }
}
-------------------------------------->8

What do you think? I personally prefer the C++ code, since it is more brief and clear. And the performance should be almost the same, as critical methods like Pcap::get_dumper() have been inlined in libpcap++.

BTW: Thanks for your comment. I have found a bug in Pcap::set_filter() while writing the above snippets :-P

Cheers,
~David