[Winpcap-users] functions do the same purpose

Ahmed Elshaer a.n.elshaer at gmail.com
Sun Apr 7 16:27:18 PDT 2013


Thank you very much for your help.


2013/4/8 Guy Harris <guy at alum.mit.edu>

>
> On Apr 7, 2013, at 2:47 PM, Ahmed Elshaer <a.n.elshaer at gmail.com> wrote:
>
> > what is the difference between
> > pcap_open     and pcap_open_live
>
> pcap_open() supports some options that pcap_open_live() doesn't, such as
> providing a user name and password for remote capture, some flags for
> remote capture, and an option to return packets as soon as they arrive.
>
> If you don't need any of the options that pcap_open() supports, and want
> your code to be portable to non-Windows systems, pcap_open_live() is the
> best choice.  pcap_open_live() is also a bit simpler to call. If you need
> those options, pcap_open() is the best choice.
>
> > findalldevs_ex and findalldevs
>
> pcap_findalldevs_ex() can ask a remote machine running the rpcap service
> what devices it has to capture on; pcap_findalldevs() can only check for
> local devices.
>
> If you don't need to support capturing from interfaces attached to other
> machines, and want your code to be portable to non-Windows systems,
> pcap_findalldevs() is the best choice.  It is also a bit simpler to call.
>  If you want to support capturing on interfaces attached to other machines,
> pcap_findalldevs_ex() is the best choice.
>
> > pcap_loop and pcap_dispatch and pcap_next_ex
>
> pcap_loop() will keep reading packets until the specified count runs out
> or pcap_breakloop() is called (in another thread).
>
> pcap_dispatch() will do at most one blocking call into the OS per call to
> pcap_dispatch(); it's primarily intended for use when your program has a
> main loop using calls such as select()/poll()/etc. on UN*X or
> WaitForMultipleObjects()/MsgWaitForMultipleObjects() on Windows, so that
> the main loop is handling both packets and other things (network
> connections, devices, window system input events).
>
> Both pcap_loop() and pcap_dispatch() use callbacks to supply packets, and
> pcap_next_ex(), in effect, calls pcap_loop() with a count of 1 with its own
> callback that fills in some information that it then returns.  pcap_loop()
> and pcap_dispatch() might thus have less overhead, but you have to supply a
> callback rather than doing something simpler such as
>
>         for (;;) {
>                 get a packet with pcap_next_ex();
>                 if (error) {
>                         report the error;
>                         break;
>                 }
>                 process the packet;
>         }
>
> If you're not doing your own main loop in the fashion I described, there's
> no reason to use pcap_dispatch().  If you are, you would either use it or
> put the pcap_t into non-blocking mode and write your own loop using
> pcap_next_ex(), processing packets until you get an error or a "no packets
> available right now" indication, and then going back to the main loop to
> wait for an event.
>
> Whether to use pcap_loop() or pcap_next_ex(), in the case where you don't
> have your own main loop, depends on whether a callback or a loop of your
> own is more convenient, and whether the extra overhead of pcap_next_ex()
> actually makes a difference.
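The relationship described in the quoted reply, where pcap_next_ex() behaves like a count-of-1 callback read whose private callback hands the packet back to the caller, can be seen in a small self-contained model. This is an added example, not code from the thread or from libpcap/WinPcap: every toy_* name, the status codes and the sample packets are assumptions of the model.

```c
#include <stdio.h>
/* Toy model, NOT libpcap: every toy_* name is hypothetical. */
struct toy_hdr { unsigned len; };
typedef void (*toy_handler)(void *user, const struct toy_hdr *h, const unsigned char *d);
struct toy_src {                    /* stands in for a pcap_t */
    const struct toy_hdr *hdrs; const unsigned char *const *pkts;
    size_t total, avail, next;      /* avail = packets buffered so far */
};
/* Callback-style read: deliver up to cnt buffered packets (cnt <= 0: all).
   Returns packets delivered, 0 if none are buffered, -2 at end of source. */
int toy_dispatch(struct toy_src *s, int cnt, toy_handler cb, void *user) {
    int n = 0;
    if (s->next == s->total) return -2;
    for (; s->next < s->avail && (cnt <= 0 || n < cnt); s->next++, n++)
        cb(user, &s->hdrs[s->next], s->pkts[s->next]);
    return n;
}
/* next_ex-style read: a count-of-1 read whose private callback only records
   where the packet is, so the caller receives it through out-parameters. */
struct oneshot { const struct toy_hdr **hdr; const unsigned char **data; };
static void oneshot_cb(void *user, const struct toy_hdr *h, const unsigned char *d) {
    struct oneshot *o = user; *o->hdr = h; *o->data = d;
}
int toy_next_ex(struct toy_src *s, const struct toy_hdr **hdr, const unsigned char **data) {
    struct oneshot o = { hdr, data };
    return toy_dispatch(s, 1, oneshot_cb, &o);
}

/* Constructed sample packets, not real traffic. */
static const unsigned char P0[] = {0xde, 0xad}, P1[] = {1, 2, 3}, P2[] = {9};
static const unsigned char *const PKTS[] = {P0, P1, P2};
static const struct toy_hdr HDRS[] = {{2}, {3}, {1}};
unsigned demo_bytes;                /* total packet bytes seen by demo() */
static void sum_cb(void *user, const struct toy_hdr *h, const unsigned char *d) {
    (void)d; *(unsigned *)user += h->len;
}
/* Read the sample with `avail` packets buffered; returns the final status. */
int demo(int use_callback, size_t avail) {
    struct toy_src s = { HDRS, PKTS, 3, avail, 0 };
    const struct toy_hdr *h; const unsigned char *d; int rc;
    demo_bytes = 0;
    if (use_callback) return toy_dispatch(&s, -1, sum_cb, &demo_bytes);
    while ((rc = toy_next_ex(&s, &h, &d)) == 1) demo_bytes += h->len;
    return rc;                      /* 0: back to the main loop; -2: done */
}
int main(void) {
    int rc = demo(0, 2);
    printf("next_ex loop, 2 of 3 buffered: rc=%d bytes=%u\n", rc, demo_bytes);
    return 0;
}
```

The next_ex-style loop pays one extra callback indirection per packet, and a status of 0 is the point at which a program with its own main loop would go back to waiting for events.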