[Winpcap-users] Can I capture inbound packets only?
Guy Harris
guy at alum.mit.edu
Tue Feb 14 23:23:14 GMT 2006
On Feb 14, 2006, at 2:52 PM, Greg Watson wrote:
> Well, one suggestion from Ben Greear was to use the PF_PACKET
> sockets on Linux. I haven't tried that one.
PF_PACKET sockets are the underlying mechanism libpcap uses on Linux.
> Here's what I did:
>
> Since I am running on Linux
Presumably you just now switched to Linux, as this wouldn't be the
right list for Linux libpcap questions; libpcap questions should go
to tcpdump-workers at tcpdump.org, and even questions about generic
libpcap functionality in WinPcap can go there. People will probably
assume that anybody asking questions here is asking them about
Windows, that being what the "Win" in "WinPcap", as in "winpcap-
users", stands for.
If you're now using Linux, and you have libpcap 0.9.x, you can just
use "pcap_setdirection()" to specify that you only want incoming packets:

    pcap_setdirection(p, PCAP_D_IN);

This works regardless of whether you're capturing on the "any" device
or not.
It also works on BSD systems. It doesn't work on any other platforms
(including Windows; I don't know whether a future WinPcap release
will implement it or not).
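
Added example, not part of the original message: a C sketch of inbound-only filtering done directly on the Linux PF_PACKET socket mentioned above, using the packet type the kernel reports with each received frame. The names is_inbound and count_inbound are hypothetical, and opening the socket needs root or CAP_NET_RAW.

```c
/* Added example: inbound-only capture on a Linux PF_PACKET socket. */
#include <arpa/inet.h>
#include <linux/if_ether.h>
#include <netpacket/packet.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper: 1 if the frame was received by this host, 0 if this
 * host sent it. The kernel marks locally transmitted frames with
 * PACKET_OUTGOING; every other packet type arrived from the network. */
static int is_inbound(const struct sockaddr_ll *from)
{
    return from->sll_pkttype != PACKET_OUTGOING;
}

/* Read up to max_frames frames from all interfaces and count the inbound
 * ones. Returns the inbound count, or -1 if the socket cannot be opened
 * (requires root or CAP_NET_RAW). */
static long count_inbound(int max_frames)
{
    unsigned char buf[65536];
    long inbound = 0;
    int fd = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
    if (fd < 0) {
        perror("socket(PF_PACKET)");
        return -1;
    }
    for (int i = 0; i < max_frames; i++) {
        struct sockaddr_ll from;
        socklen_t fromlen = sizeof(from);
        ssize_t n = recvfrom(fd, buf, sizeof(buf), 0,
                             (struct sockaddr *)&from, &fromlen);
        if (n < 0)
            break;                  /* read error: stop capturing */
        if (!is_inbound(&from))
            continue;               /* drop frames this host transmitted */
        inbound++;
        printf("inbound frame: %zd bytes, ifindex %d\n", n, from.sll_ifindex);
    }
    close(fd);
    return inbound;
}

int main(void)
{
    return count_inbound(10) < 0 ? 1 : 0;
}
```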