Hi I have a program that captures packets with the libpcap library by calling the pcap-functions, e.g.
.
I would like to use PF_RING for the program and therefore I would have to adjust the calling functions to
I'm pretty knew in network programming and I was hopping that you could help me out, is that everything I would have to do just change the pcap-calls to the pfring calls or are there other things to consider?
I don't know if this is the correct forum to post this but hopefully someone can atleast point me in the right direction if they can't help me.
I am trying to install the Net::Pcap module for perl from Tim Potter version .04. I have installed gcc 2.95.3 on my Solaris 8 box. I am sure it's just... (6 Replies)
Hello everybody!!
I am currently doing my intership and I need some tips for Pcap.h.
I search some tips tp filter my paquets in a C program with the Pcap.h librairy. The onlys thing I have found is thaht I can filter low level protocol with their name like (tcp/udp..). But for the higher... (3 Replies)
Hi,
I am new at UNIX and programing in general and only have a basic knowledge of C++. I am helping out with some research at a college and was given the task to sort through captured packets via IP addresses. I was wondering if anyone could help me with writing a code which filters through pcap... (1 Reply)
Hi,
I am new at UNIX and programing in general and only have a basic knowledge of C++. I am helping out with some research at a college and was given the task to sort through captured packets via IP addresses. I was wondering if anyone could help me with writing a code which filters through pcap... (4 Replies)
Hi,
i am using a linux CentOS machine. I have 2 real network interfaces
eth0, eth1 and 2 virtual interfaces tap0 and tap1. I am using PCAP library to capture
the packets on theses interfaces. If i specify the interface as "any",
i cannot find a way to know from which interface the packet... (1 Reply)
Hi,
I have a standard pcap file created using tcpdump. The file looks like
06:49:36.487629 IP 202.1.175.252 > 71.126.222.64: ICMP echo request, id 52765, seq 1280, length 40
06:49:36.489552 IP 192.120.148.227 > 71.126.222.64: ICMP echo request, id 512, seq 1280, length 40
06:49:36.491812 IP... (8 Replies)
Dear All,
Which is better to use ? Ascii or Pcap tracing ? Or are they complementary ? (1 Reply)
Discussion started by: knowledgeSeeker
1 Replies
LEARN ABOUT MOJAVE
pcap_open_dead
PCAP_OPEN_DEAD(3PCAP)PCAP_OPEN_DEAD(3PCAP)NAME
pcap_open_dead, pcap_open_dead_with_tstamp_precision - open a fake pcap_t for compiling filters or opening a capture for output
SYNOPSIS
#include <pcap/pcap.h>
pcap_t *pcap_open_dead(int linktype, int snaplen);
pcap_t *pcap_open_dead_with_tstamp_precision(int linktype, int snaplen,
u_int precision);
DESCRIPTION
pcap_open_dead() and pcap_open_dead_with_tstamp_precision() are used for creating a pcap_t structure to use when calling the other func-
tions in libpcap. It is typically used when just using libpcap for compiling BPF code; it can also be used if using pcap_dump_open(),
pcap_dump(), and pcap_dump_close() to write a savefile if there is no pcap_t that supplies the packets to be written.
linktype specifies the link-layer type for the pcap_t.
snaplen specifies the snapshot length for the pcap_t.
When pcap_open_dead_with_tstamp_precision(), is used to create a pcap_t for use with pcap_dump_open(), precision specifies the time stamp
precision for packets; PCAP_TSTAMP_PRECISION_MICRO should be specified if the packets to be written have time stamps in seconds and
microseconds, and PCAP_TSTAMP_PRECISION_NANO should be specified if the packets to be written have time stamps in seconds and nanoseconds.
Its value does not affect pcap_compile().
SEE ALSO pcap(3PCAP), pcap_compile(3PCAP), pcap_dump_open(3PCAP), pcap-linktype(7)
3 January 2014 PCAP_OPEN_DEAD(3PCAP)