<div dir="rtl"><div dir="ltr">thank u very much for your help<br></div></div><div class="gmail_extra"><br><br><div class="gmail_quote"><div dir="ltr">2013/4/8 Guy Harris <span dir="ltr"><<a href="mailto:guy@alum.mit.edu" target="_blank">guy@alum.mit.edu</a>></span></div>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im"><br>
On Apr 7, 2013, at 2:47 PM, Ahmed Elshaer <<a href="mailto:a.n.elshaer@gmail.com">a.n.elshaer@gmail.com</a>> wrote:<br>
<br>
> what is the difference between<br>
> pcap_open and pcap_open_live<br>
<br>
</div>pcap_open() supports some options that pcap_open_live() doesn't, such as providing a user name and password for remote capture, some flags for remote capture, and an option to return packets as soon as they arrive.<br>
<br>
If you don't need any of the options that pcap_open() supports, and want your code to be portable to non-Windows systems, pcap_open_live() is the best choice. pcap_open_live() is also a bit simpler to call. If you need those options, pcap_open() is the best choice.<br>
<br>
> findalldevs_ex and findalldevs<br>
<br>
pcap_findalldevs_ex() can ask a remote machine running the rpcap service what devices it has to capture on; pcap_findalldevs() can only check for local devices.<br>
<br>
If you don't need to support capturing from interfaces attached to other machines, and want your code to be portable to non-Windows systems, pcap_findalldevs() is the best choice. It is also a bit simpler to call. If you want to support capturing on interfaces attached to other machines, pcap_findalldevs_ex() is the best choice.<br>
<div class="im"><br>
> pacap_loop and pcap_dispatch and pcap_next_ex<br>
<br>
</div>pcap_loop() will keep reading packets until the specified count runs out or pcap_breakloop() is called (in another thread).<br>
<br>
pcap_dispatch() will do at most one blocking call into the OS per call to pcap_dispatch(); it's primarily intended for use when your program has a main loop using calls such as select()/poll()/etc. on UN*X or WaitForMultipleObjects()/MsgWaitForMultipleObjects() on Windows, so that the main loop is handling both packets and other things (network connections, devices, window system input events).<br>
<br>
Both pcap_loop() and pcap_dispatch() use callbacks to supply packets, and pcap_next_ex(), in effect, calls pcap_loop() with a count of 1 with its own callback that fills in some information that it then returns. pcap_loop() and pcap_dispatch() might thus have less overhead, but you have to supply a callback rather than doing something simpler such as<br>
<br>
for (;;) {<br>
get a packet with pcap_next_ex();<br>
if (error) {<br>
report the error;<br>
break;<br>
}<br>
process the packet;<br>
}<br>
<br>
If you're not doing your own main loop in the fashion I described, there's no reason to use pcap_dispatch(). If you are, you would either use it or put the pcap_t into non-blocking mode and write your own loop using pcap_next_ex(), processing packets until you get an error or a "no packets available right now" indication, and then going back to the main loop to wait for an event.<br>
<br>
Whether to use pcap_loop() or pcap_next_ex(), in the case where you don't have your own main loop, depends on whether a callback or a loop of your own is more convenient, and whether the extra overhead of pcap_next_ex() actually makes a difference.<br>
_______________________________________________<br>
Winpcap-users mailing list<br>
<a href="mailto:Winpcap-users@winpcap.org">Winpcap-users@winpcap.org</a><br>
<a href="https://www.winpcap.org/mailman/listinfo/winpcap-users" target="_blank">https://www.winpcap.org/mailman/listinfo/winpcap-users</a><br>
</blockquote></div><br></div>