My current code (before using libpcap) uses this very method.
I set up a raw socket, set the DEMUX type, and I capture traffic. The problem
with this approach is that it seems to have a fair bit of overhead in the OS.
(At least on the Mac.) I have to throttle traffic down my hardware to about 25
On Mar 24, 2013, at 2:59 PM, Guy Harris wrote:
> Arguably, something like Linux's PF_PACKET sockets would be best for people
> trying to implement protocols atop the link-layer, as (either when not in
> memory-mapped mode, or when in TPACKET_V1 or TPACKET_V2 memory-mapped mode)
> it has no ti
On Mar 24, 2013, at 12:18 PM, Robert Monaghan wrote:
> Basically, I count blocks until I get everything that I need. At that point,
> I do a breakloop.
Is the total block count available at the time you call pcap_loop()? If so,
just pass that in to pcap_loop() as the count.
> This seems to
Ok,
So I just stumbled into a "sort of" solution. I have to do a wide-spread test,
first, to see if this is really a fix:
I just set my timeout to 1ms using pcap_set_timeout,
I then added the following to my callback:
void processSingleImage(u_char *args, const struct pcap_pkthdr *header, const
