Hi,
I'm pretty new to c and pcap so hopefully this question does not seem
too basic. So, I want to be able to store captured packets in an array
for a small period of time.
At the moment I am able to capture packets using pcap_next();. This
function returns a pointer to the actual packet. With this pointer I
can do all sorts of useful things, however, what I really want to do is
store the data of the packet in an array. I have tried storing the
returned pointer but because that simply points to the mem location of
the last packet it creates an array of pointers that all point to the
same packet. What I really need to do is to store the data that the
returned pointer points to.
Reading about pcap_next() in the man page of pcap, it says:
"pcap_next() reads the next packet (by calling pcap_dispatch() with a
cnt of 1) and returns a u_char pointer to the data in that packet.
(The pcap_pkthdr struct for that packet is not supplied.)"
The final line of that entry confuses me, it says "The pcap_pkthdr
struct for that packet is not supplied". Does that mean that the
data that our returned pointer points to does not conform to
pcap_pkthdr struct?
Any hints or help would be appreciated,
Thanks
Dave
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
