|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Aidan Kehoe (kehoea
parhasard.net)Date: Sun Feb 18 2001 - 12:15:13 CST
On February 18, Dan Shechter wrote:
> Hi,
>
> I want to handle all the TCP packets on specific interface, with out the
> kernel is getting them.
> What should I do? Should I use Libcap?
>
Umm, the kernel is going to get them, no matter what. That's where the
network card drivers live. If you want to avoid the protocol stack
getting them, then yes, libpcap (note the p) seems to be the way to
go, at least from what (little) of the relevant documentation I've read.
See the libpcap docs and ftp://ftp.ee.lbl.gov/papers/bpf-usenix93.ps.Z .
- Aidan
-- "... We may stumble along the way but civilization, yes, the Geneva convention, chamber music, Susan Sontag, yes, civilization." -- Gremlins 2; The New Batch
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]