Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Libpcap: Set a filter. (C)
Top Forums Programming Libpcap: Set a filter. (C) Post 302321933 by fpmurphy on Tuesday 2nd of June 2009 11:17:01 AM
Old 06-02-2009
Why not just use pcap_loop() and have have a simple counter in your callback function to only actually process every 10th packet.
 

8 More Discussions You Might Find Interesting

1. Programming

Extract payload with libpcap

hi! :) im having a problem while extracting payload from a tcp packet that is captured with libpcap. this is what ive got so far: const struct ethernet_header *ethernet; const struct ip_header *ip; const struct tcp_header *tcp; const char *payload; u_int size_ip; ... (0 Replies)
Discussion started by: shuwo
0 Replies

2. Programming

using libpcap with timeout

I want to write a small application using Libpcap in C on Linux. Currently, it starts to sniff and waits for the packets. But that's not what I need actually. I want it to wait for N seconds and then stop listening. (I think there's something wrong with my usage of 'pcap_open_live'...) How... (0 Replies)
Discussion started by: xyzt
0 Replies

3. Shell Programming and Scripting

How set filter netstat -an | grep -P '\:'38''

Hi, I can write sh script for Linux platform I run: netstat -an | grep -P '\:'38''| grep ESTABLISHED but result: # netstat -an | grep -P '\:'38''| grep ESTABLISHED tcp 0 0 172.16.1.107:383 172.16.1.81:49981 ESTABLISHED tcp 0 0... (8 Replies)
Discussion started by: ostapv
8 Replies

4. Shell Programming and Scripting

Filter a .kml file (xml) with data set from text file

I have a .kml file. So I want filter the .kml to get only the tags that have this numeric codes that they are in a text file 11951 11952 74014 11964 11965 11969 11970 11971 11972 60149 74018 74023 86378 11976 11980 11983 11984 11987 (5 Replies)
Discussion started by: pcoj33
5 Replies

5. UNIX for Dummies Questions & Answers

Command line / script option to filter a data set by values of one column

Hi all! I have a data set in this tab separated format : Label, Value1, Value2 An instance is "data.txt" : 0 1 1 -1 2 3 0 2 2 I would like to parse this data set and generate two files, one that has only data with the label 0 and the other with label -1, so my outputs should be, for... (1 Reply)
Discussion started by: gnat01
1 Replies

6. Shell Programming and Scripting

awk script to filter the numbers which are around the set value

Hi All, I have one sensor output(over the same) for a set value of 20. Time(in Sec), Data 1, 16 2, 20 3, 24 4, 22 5, 21 6, 20 7, 19.5 8, 20 9, 20.5 10, 20 11, 20 12, 19.5 Here we can see like after 5 sec of time the data value reaches to 20+-0.5 range. So I... (7 Replies)
Discussion started by: ks_reddy
7 Replies

7. Shell Programming and Scripting

awk : Filter a set of data to parse header line and last field of multiple same match.

Hi Experts, I have a data with multiple entry , I want to filter PKG= & the last column "00060110" or "00088150" in the output file: ############################################################################################### PKG= P8SDB :: VGS = vgP8SOra vgP8SDB1 vgP8S001... (5 Replies)
Discussion started by: rveri
5 Replies

8. UNIX for Beginners Questions & Answers

Need to filter the result set within 2 time frame

my sample file is like this $cat onefile 05/21/18 13:10:07 ABRT US1CPDAY Status 1 05/21/18 21:18:54 ABRT DailyBackup_VFFPRDAPENTL01 Status 6 05/21/18 21:26:24 ABRT DailyBackup_VFFPRDAPENTL02 Status 6 05/21/18 21:57:36 ABRT DailyBackup_vm-ea1ffpreng01 Status 6... (7 Replies)
Discussion started by: gotamp
7 Replies

LEARN ABOUT DEBIAN

pcap_dispatch

PCAP_LOOP(3PCAP)														  PCAP_LOOP(3PCAP)

NAME

       pcap_loop, pcap_dispatch - process packets from a live capture or savefile

SYNOPSIS

       #include <pcap/pcap.h>

       typedef void (*pcap_handler)(u_char *user, const struct pcap_pkthdr *h,
				   const u_char *bytes);

       int pcap_loop(pcap_t *p, int cnt,
	       pcap_handler callback, u_char *user);
       int pcap_dispatch(pcap_t *p, int cnt,
	       pcap_handler callback, u_char *user);

DESCRIPTION

       pcap_loop()  processes  packets from a live capture or ``savefile'' until cnt packets are processed, the end of the ``savefile'' is reached
       when reading from a ``savefile'', pcap_breakloop() is called, or an error occurs.  It does not return when live	read  timeouts	occur.	 A
       value of -1 or 0 for cnt is equivalent to infinity, so that packets are processed until another ending condition occurs.

       pcap_dispatch()	processes packets from a live capture or ``savefile'' until cnt packets are processed, the end of the current bufferful of
       packets is reached when doing a live capture, the end of the ``savefile'' is reached when reading from a ``savefile'', pcap_breakloop()	is
       called,	or an error occurs.  Thus, when doing a live capture, cnt is the maximum number of packets to process before returning, but is not
       a minimum number; when reading a live capture, only one bufferful of packets is read at a time, so fewer than cnt packets may be processed.
       A  value  of  -1 or 0 for cnt causes all the packets received in one buffer to be processed when reading a live capture, and causes all the
       packets in the file to be processed when reading a ``savefile''.

       (In older versions of libpcap, the behavior when cnt was 0 was undefined; different platforms and devices behaved differently, so code that
       must work with older versions of libpcap should use -1, nor 0, as the value of cnt.)

       callback  specifies  a  pcap_handler  routine  to  be called with three arguments: a u_char pointer which is passed in the user argument to
       pcap_loop() or pcap_dispatch(), a const struct pcap_pkthdr pointer pointing to the packet time  stamp  and  lengths,  and  a  const  u_char
       pointer	to  the  first caplen (as given in the struct pcap_pkthdr a pointer to which is passed to the callback routine) bytes of data from
       the packet.  The struct pcap_pkthdr and the packet data are not to be freed by the callback routine, and are not  guaranteed  to  be  valid
       after the callback routine returns; if the code needs them to be valid after the callback, it must make a copy of them.

RETURN VALUE

       pcap_loop() returns 0 if cnt is exhausted, -1 if an error occurs, or -2 if the loop terminated due to a call to pcap_breakloop() before any
       packets were processed.	It does not return when live read timeouts occur; instead, it attempts to read more packets.

       pcap_dispatch() returns the number of packets processed on success; this can be 0 if no packets were read from  a  live	capture  (if,  for
       example, they were discarded because they didn't pass the packet filter, or if, on platforms that support a read timeout that starts before
       any packets arrive, the timeout expires before any packets arrive, or if the file descriptor for the capture device is in non-blocking mode
       and no packets were available to be read) or if no more packets are available in a ``savefile.''  It returns -1 if an error occurs or -2 if
       the loop terminated due to a call to pcap_breakloop() before any packets were processed.  If your application uses  pcap_breakloop(),  make
       sure that you explicitly check for -1 and -2, rather than just checking for a return value < 0.

       If -1 is returned, pcap_geterr() or pcap_perror() may be called with p as an argument to fetch or display the error text.

SEE ALSO

       pcap(3PCAP), pcap_geterr(3PCAP), pcap_breakloop(3PCAP)

								 24 December 2008						  PCAP_LOOP(3PCAP)
All times are GMT -4. The time now is 11:26 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy