[Winpcap-users] hello,i ask about,pcap-open-live()

Guy Harris guy at alum.mit.edu
Tue Jul 14 11:52:18 PDT 2009


On Jul 14, 2009, at 1:59 AM, yalogr wrote:

> <first question1.>
> i have pcap_setfilter(arp)---i just wang to recv arp packets.now...

Then you should set up a filter:

	struct bpf_program arp_filter;

		...

	if (pcap_compile(adhandle, &arp_filter, "arp", 1, 0) == -1) {
		fprintf(stderr, "Can't compile the program \"arp\": %s\n",
		    pcap_geterr(adhandle);
		exit(2);
	}
	if (pcap_setfilter(adhandle, &arp_filter) == -1) {
		fprintf(stderr, "Can't set the filter: %s\n",
		    pcap_geterr(adhandle);
		exit(2);
	}

and *then* call pcap_loop(); your dispatch_handler routine should only  
see ARP packets.

> or ip,icmp-packets...

Use a different filter, such as "ip" for IPv4, "icmp" for ICMP, etc..


More information about the Winpcap-users mailing list