> The capturing of packets is actually done by the bpf mechanism, right ?

On systems with BPF, yes. On systems without BPF, no, it's done by some other mechanism.

> What all does libpcap provide ?
>
> - system independence (for diff OS)

Yes.

> - protocol independence (for ethernet/ppp etc)

No. It supplies, to the program using it, raw packets *including* the link-layer header; that program has the responsibility of knowing how to parse link-layer headers.

The only protocol independence it provides in that regard is that the filter compiler lets you specify an expression such as "host 127.0.0.1", and the compiler will generate the appropriate code to check for IPv4 packets and check the source and destination IP addresses at the appropriate offset from the beginning of the frame.

> - does miscellaneous functions like
>    - compiling the bpf filter needed.

Yes.

>    - initializes interface, sets correct buffer needed.

Yes.

> Is there any MAJOR functionality I am missing ?

Well, libpcap 0.7 has calls to get a list of interface names, flags, and addresses for each of those interfaces; that, however, is at least in part just system independence, hiding the different ways you do that on different OSes from the application.

It also includes code to *write* capture files, as well as to read them (allowing some applications, e.g. tcpdump, either to read live captures or saved capture files without the application's main loop being different).

-
This is the TCPDUMP workers list. It is archived at http://www.tcpdump.org/lists/workers/index.html
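An added example, not part of the original message and not libpcap code: a hand-written version of the check that a "host" filter performs, showing that the IPv4 addresses sit at a different offset for each link-layer type and that the parser must bounds-check the captured length. The function names and sample frames are constructed for illustration, and the PPP case assumes a 4-byte header with uncompressed address/control and protocol fields.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Same numeric values as libpcap's DLT_EN10MB and DLT_PPP. */
enum { LT_EN10MB = 1, LT_PPP = 9 };

/* Offset of the IPv4 header, or -1 if truncated, not IPv4, or unknown link type. */
int ipv4_offset(int linktype, const uint8_t *p, size_t caplen)
{
    size_t type_off, hdr_len; int want;
    switch (linktype) {
    case LT_EN10MB: type_off = 12; hdr_len = 14; want = 0x0800; break;
    case LT_PPP:    type_off = 2;  hdr_len = 4;  want = 0x0021; break;
    default: return -1;
    }
    if (caplen < hdr_len + 20) return -1;              /* bounds check first */
    if (((p[type_off] << 8) | p[type_off + 1]) != want) return -1;
    if ((p[hdr_len] >> 4) != 4) return -1;             /* IP version field */
    return (int)hdr_len;
}

/* What "host a.b.c.d" has to test: source or destination address. */
int match_host(int linktype, const uint8_t *p, size_t caplen, const uint8_t addr[4])
{
    int off = ipv4_offset(linktype, p, caplen);
    if (off < 0) return 0;
    return !memcmp(p + off + 12, addr, 4) || !memcmp(p + off + 16, addr, 4);
}

/* Constructed sample frame: link header plus a bare 20-byte IPv4 header. */
size_t build_frame(int linktype, const uint8_t src[4], const uint8_t dst[4], uint8_t *out)
{
    static const uint8_t eth[14] = {2,0,0,0,0,1, 2,0,0,0,0,2, 0x08,0x00};
    static const uint8_t ppp[4] = {0xff, 0x03, 0x00, 0x21};
    size_t n = (linktype == LT_EN10MB) ? sizeof eth : sizeof ppp;
    memcpy(out, (linktype == LT_EN10MB) ? eth : ppp, n);
    memset(out + n, 0, 20);
    out[n] = 0x45;                                     /* version 4, IHL 5 */
    memcpy(out + n + 12, src, 4);
    memcpy(out + n + 16, dst, 4);
    return n + 20;
}
int main(void)
{
    const uint8_t lo[4] = {127,0,0,1}, peer[4] = {192,0,2,7};
    uint8_t buf[64];
    size_t n = build_frame(LT_PPP, lo, peer, buf);
    printf("as PPP: %d, as Ethernet: %d\n", match_host(LT_PPP, buf, n, lo), match_host(LT_EN10MB, buf, n, lo));
}
```

Parsing the same bytes with the wrong link-layer type yields no match, which is why an application must take the link type of the capture into account before interpreting a frame.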
