Package libpcap-devel

Libraries and header files for the libpcap library

http://www.tcpdump.org

Libpcap provides a portable framework for low-level network
monitoring. Libpcap can provide network statistics collection,
security monitoring and network debugging. Since almost every system
vendor provides a different interface for packet capture, the libpcap
authors created this system-independent API to ease in porting and to
alleviate the need for several system-dependent packet capture modules
in each application.

This package provides the libraries, include files, and other
resources needed for developing libpcap applications.

General Commands (Section 1)
pcap-config
When run with the --cflags option, pcap-config writes to the standard output the -I compiler flags required to include libpcap's header files. When run with the...
Library Functions (Section 3)
pcap.3pcap
The Packet Capture library provides a high level interface to packet capture systems. All packets on the network, even those destined for other hosts, are...
pcap_activate.3pcap
pcap_activate() is used to activate a packet capture handle to look at packets on the network, with the options that were set on the handle being in effect.
pcap_breakloop.3pcap
pcap_breakloop() sets a flag that will force pcap_dispatch() or pcap_loop() to return rather than looping; they will return the number of packets that have been...
pcap_can_set_rfmon.3pcap
pcap_can_set_rfmon() checks whether monitor mode could be set on a capture handle when the handle is activated.
pcap_close.3pcap
pcap_close() closes the files associated with p and deallocates resources.
pcap_compile.3pcap
pcap_compile() is used to compile the string str into a filter program. See pcap-filter(7) for the syntax of that string. program is a pointer to a bpf_program...
pcap_create.3pcap
pcap_create() is used to create a packet capture handle to look at packets on the network. source is a string that specifies the network device to open; on...
pcap_datalink.3pcap
pcap_datalink() returns the link-layer header type for the live capture or “savefile” specified by p. It must not be called on a pcap descriptor created by...
pcap_datalink_name_to_val.3pcap
pcap_datalink_name_to_val() translates a link-layer header type name, which is a DLT_ name with the DLT_ removed, to the corresponding link-layer header type...
pcap_datalink_val_to_name.3pcap
pcap_datalink_val_to_name() translates a link-layer header type value to the corresponding link-layer header type name. NULL is returned on failure...
pcap_dump.3pcap
pcap_dump() outputs a packet to the “savefile” opened with pcap_dump_open(). Note that its calling arguments are suitable for use with pcap_dispatch() or...
pcap_dump_close.3pcap
pcap_dump_close() closes the “savefile.”
pcap_dump_file.3pcap
pcap_dump_file() returns the standard I/O stream of the “savefile” opened by pcap_dump_open().
pcap_dump_flush.3pcap
pcap_dump_flush() flushes the output buffer to the “savefile,” so that any packets written with pcap_dump() but not yet written to the “savefile” will be...
pcap_dump_ftell.3pcap
pcap_dump_ftell() returns the current file position for the “savefile”, representing the number of bytes written by pcap_dump_open() and pcap_dump(). -1 is...
pcap_dump_open.3pcap
pcap_dump_open() is called to open a “savefile” for writing. fname specifies the name of the file to open. The file will have the same format as those used by...
pcap_file.3pcap
pcap_file() returns the standard I/O stream of the “savefile,” if a “savefile” was opened with pcap_open_offline(), or NULL, if a network device was opened with...
pcap_fileno.3pcap
If p refers to a network device that was opened for a live capture using a combination of pcap_create() and pcap_activate(), or using pcap_open_live()...
pcap_findalldevs.3pcap
pcap_findalldevs() constructs a list of network devices that can be opened with pcap_create() and pcap_activate() or with pcap_open_live(). (Note that there may...
pcap_freecode.3pcap
pcap_freecode() is used to free up allocated memory pointed to by a bpf_program struct generated by pcap_compile() when that BPF program is no longer needed...
pcap_geterr.3pcap
pcap_geterr() returns the error text pertaining to the last pcap library error. NOTE: the pointer it returns will no longer point to a valid error message...
pcap_get_selectable_fd.3pcap
pcap_get_selectable_fd() returns, on UNIX, a file descriptor number for a file descriptor on which one can do a select(), poll(), or other such call to wait for...
pcap_get_tstamp_precision.3pcap
pcap_get_tstamp_precision() returns the precision of the time stamp returned in packet captures on the pcap descriptor.
pcap_inject.3pcap
pcap_inject() sends a raw packet through the network interface; buf points to the data of the packet, including the link-layer header, and size is the number of...
pcap_is_swapped.3pcap
pcap_is_swapped() returns true (1) if p refers to a “savefile” that uses a different byte order than the current system. For a live capture, it always returns...
pcap_lib_version.3pcap
pcap_lib_version() returns a pointer to a string giving information about the version of the libpcap library being used; note that it contains more information...
pcap_list_datalinks.3pcap
pcap_list_datalinks() is used to get a list of the supported link-layer header types of the interface associated with the pcap descriptor. pcap_list_datalinks()...
pcap_list_tstamp_types.3pcap
pcap_list_tstamp_types() is used to get a list of the supported time stamp types of the interface associated with the pcap descriptor. pcap_list_tstamp_types()...
pcap_lookupdev.3pcap
pcap_lookupdev() returns a pointer to a string giving the name of a network device suitable for use with pcap_create() and pcap_activate(), or with...
pcap_lookupnet.3pcap
pcap_lookupnet() is used to determine the IPv4 network number and mask associated with the network device device. Both netp and maskp are bpf_u_int32 pointers.
pcap_loop.3pcap
pcap_loop() processes packets from a live capture or “savefile” until cnt packets are processed, the end of the “savefile” is reached when reading from a...
pcap_major_version.3pcap
If p refers to a “savefile”, pcap_major_version() returns the major number of the file format of the “savefile” and pcap_minor_version() returns the minor...
pcap_next_ex.3pcap
pcap_next_ex() reads the next packet and returns a success/failure indication. If the packet was read without problems, the pointer pointed to by the pkt_header...
pcap_offline_filter.3pcap
pcap_offline_filter() checks whether a filter matches a packet. fp is a pointer to a bpf_program struct, usually the result of a call to pcap_compile(). h...
pcap_open_dead.3pcap
pcap_open_dead() and pcap_open_dead_with_tstamp_precision() are used for creating a pcap_t structure to use when calling the other functions in libpcap. It is...
pcap_open_live.3pcap
pcap_open_live() is used to obtain a packet capture handle to look at packets on the network. device is a string that specifies the network device to open; on...
pcap_open_offline.3pcap
pcap_open_offline() and pcap_open_offline_with_tstamp_precision() are called to open a “savefile” for reading. fname specifies the name of the file to open. The...
pcap_set_buffer_size.3pcap
pcap_set_buffer_size() sets the buffer size that will be used on a capture handle when the handle is activated to buffer_size, which is in units of bytes.
pcap_set_datalink.3pcap
pcap_set_datalink() is used to set the current link-layer header type of the pcap descriptor to the type specified by dlt.
pcap_setdirection.3pcap
pcap_setdirection() is used to specify a direction that packets will be captured. d is one of the constants PCAP_D_IN, PCAP_D_OUT or PCAP_D_INOUT. PCAP_D_IN...
pcap_setfilter.3pcap
pcap_setfilter() is used to specify a filter program. fp is a pointer to a bpf_program struct, usually the result of a call to pcap_compile().
pcap_set_immediate_mode.3pcap
pcap_set_immediate_mode() sets whether immediate mode should be set on a capture handle when the handle is activated. If immediate_mode is non-zero, immediate...
pcap_setnonblock.3pcap
pcap_setnonblock() puts a capture handle into “non-blocking” mode, or takes it out of “non-blocking” mode, depending on whether the nonblock argument is...
pcap_set_promisc.3pcap
pcap_set_promisc() sets whether promiscuous mode should be set on a capture handle when the handle is activated. If promisc is non-zero, promiscuous mode will...
pcap_set_rfmon.3pcap
pcap_set_rfmon() sets whether monitor mode should be set on a capture handle when the handle is activated. If rfmon is non-zero, monitor mode will be set...
pcap_set_snaplen.3pcap
pcap_set_snaplen() sets the snapshot length to be used on a capture handle when the handle is activated to snaplen.
pcap_set_timeout.3pcap
pcap_set_timeout() sets the read timeout that will be used on a capture handle when the handle is activated to to_ms, which is in units of milliseconds. The...
pcap_set_tstamp_precision.3pcap
pcap_set_tstamp_precision() sets the precision of the time stamp desired for packets captured on the pcap descriptor to the type specified by tstamp_precision...
pcap_set_tstamp_type.3pcap
pcap_set_tstamp_type() sets the the type of time stamp desired for packets captured on the pcap descriptor to the type specified by tstamp_type. It must be...
pcap_snapshot.3pcap
pcap_snapshot() returns the snapshot length specified when pcap_set_snapshot() or pcap_open_live() was called, for a live capture, or the snapshot length from...
pcap_stats.3pcap
pcap_stats() fills in the struct pcap_stat pointed to by its second argument. The values represent packet statistics from the start of the run to the time of...
pcap_statustostr.3pcap
pcap_statustostr() converts a PCAP_ERROR_ or PCAP_WARNING_ value returned by a libpcap routine to an error string.
pcap_strerror.3pcap
pcap_strerror() is provided in case strerror(3) isn't available. It returns an error message string corresponding to error.
pcap_tstamp_type_name_to_val.3pcap
pcap_tstamp_type_name_to_val() translates a time stamp type name to the corresponding time stamp type value. The translation is case-insensitive.
pcap_tstamp_type_val_to_name.3pcap
pcap_tstamp_type_val_to_name() translates a time stamp type value to the corresponding time stamp type name. NULL is returned on failure...
File Formats (Section 5)
pcap-savefile
NOTE: applications and libraries should, if possible, use libpcap to read savefiles, rather than having their own code to read savefiles. If, in the future, a...