Skip to content
pcapfun - having fun with libpcap
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.


pcapfun - having fun with libpcap

I was just messing around with libpcap, and this is the result so far.

The code compiles on OSX and Linux, so I guess it would also compile on
FreeBSD and probably on other BSD's too.

You must provide a device (to capture the packets on) and a pcap filter.
If you know don't know how a pcap filter looks like, check the manpage
of tcpdump or pcap-filter, it's the same type of filter that you provide
to tcpdump or wireshark/tshark, but as a single argument instead.

    ./pcapfun eth0 "udp and port 666"

I didn't spend too much effort on the interface, so for the time being,
if you don't want a filter, just run it like this:

    ./pcapfun eth0 ""

It will open the device, set the filter on the device, check the link
type you are capturing packets on, determine which protocol handler to
use for this link type, then capture and handle a total of 10 packets
that match the filter expression.

Only a very limited set of link types and protocol handlers are
implemented so far, but more will follow.

Experiment with the source if you want it to do so something else!

Something went wrong with that request. Please try again.