pcap_open_live_sb Subroutine

Edit online

Purpose

Opens a network device for packet capture, allowing you to specify the buffer length of a Berkeley Packet Filter (BPF).

Library

pcap Library (libpcap.a)

Syntax

#include <pcap.h>
pcap_t * pcap_open_live_sb( const char *device, int snaplen,
int promisc, int to_ms, char *ebuf, int buflen )

Description

The pcap_open_live_sb subroutine opens the specified network device for packet capture. This subroutine allows you to specify the buffer size for the BPF to use in capturing the packets. You must run this subroutine before any packet capturing can occur. All other subroutines dealing with packet capture require the packet capture descriptor that is created and initialized with this subroutine.

To opening a previously saved file that contains packet capture data, use the pcap_open_offline subroutine.

Parameters

Item Description
buf_len Specifies the buffer size that the BPF is to use. If the system cannot provide memory of this size, the system will choose a smaller size.
device Specifies a string that contains the name of the network device to open for packet capture, for example, en0.
ebuf Returns error text and is only set when the pcap_open_live subroutine fails.
promisc Specifies that the device is to be put into the promiscuous mode. A value of 1 (True) turns the promiscuous mode on. If this parameter is zero (False), the device remains unchanged. In this case, if it has already been set to the promiscuous mode (for some other reason), it remains in this mode.
snaplen Specifies the maximum number of bytes to capture per packet.
to_ms Specifies the read timeout in milliseconds.

Return Values

If successful, the pcap_open_live_sb subroutine returns a pointer to the packet capture descriptor that is created. If the pcap_open_live_sb subroutine is unsuccessful, NULL is returned, and the text indicating the specific error is written into the ebuf buffer.