        <span class="comment">/* Free the device list */</span>
        <a class="code" href="group__wpcapfunc.html#g346b4b0b7fd1cda4abb9a39f767dbeb1" title="Free an interface list returned by pcap_findalldevs().">pcap_freealldevs</a>(alldevs);
        <span class="keywordflow">return</span> -1;
    }

    <span class="comment">/* Jump to the selected adapter */</span>
    <span class="keywordflow">for</span>(d=alldevs, i=0; i&lt; inum-1 ;d=d-&gt;<a class="code" href="structpcap__if.html#81508e6e4e41ca4235c8d6b51913c536" title="if not NULL, a pointer to the next element in the list; NULL for the last element...">next</a>, i++);

    <span class="comment">/* Open the device */</span>
    <span class="keywordflow">if</span> ( (adhandle= <a class="code" href="group__wpcapfunc.html#g2b64c7b6490090d1d37088794f1f1791" title="Open a generic source in order to capture / send (WinPcap only) traffic.">pcap_open</a>(d-&gt;<a class="code" href="structpcap__if.html#5ac083a645d964373f022d03df4849c8" title="a pointer to a string giving a name for the device to pass to pcap_open_live()">name</a>,          <span class="comment">// name of the device</span>
                              65536,            <span class="comment">// portion of the packet to capture</span>
                                                <span class="comment">// 65536 guarantees that the whole packet will be captured on all the link layers</span>
                              <a class="code" href="group__remote__open__flags.html#g9134ce51a9a6a7d497c3dee5affdc3b9" title="Defines if the adapter has to go in promiscuous mode.">PCAP_OPENFLAG_PROMISCUOUS</a>,    <span class="comment">// promiscuous mode</span>
                              1000,             <span class="comment">// read timeout</span>
                              NULL,             <span class="comment">// authentication on the remote machine</span>
                              errbuf            <span class="comment">// error buffer</span>
                              ) ) == NULL)
    {
        fprintf(stderr,<span class="stringliteral">"\nUnable to open the adapter. %s is not supported by WinPcap\n"</span>, d-&gt;<a class="code" href="structpcap__if.html#5ac083a645d964373f022d03df4849c8" title="a pointer to a string giving a name for the device to pass to pcap_open_live()">name</a>);
        <span class="comment">/* Free the device list */</span>
        <a class="code" href="group__wpcapfunc.html#g346b4b0b7fd1cda4abb9a39f767dbeb1" title="Free an interface list returned by pcap_findalldevs().">pcap_freealldevs</a>(alldevs);
        <span class="keywordflow">return</span> -1;
    }

    printf(<span class="stringliteral">"\nlistening on %s...\n"</span>, d-&gt;<a class="code" href="structpcap__if.html#8444d6e0dfe2bbab0b5e7b24308f1559" title="if not NULL, a pointer to a string giving a human-readable description of the device...">description</a>);

    <span class="comment">/* At this point, we no longer need the device list. Free it */</span>
    <a class="code" href="group__wpcapfunc.html#g346b4b0b7fd1cda4abb9a39f767dbeb1" title="Free an interface list returned by pcap_findalldevs().">pcap_freealldevs</a>(alldevs);

    <span class="comment">/* start the capture */</span>
    <a class="code" href="group__wpcapfunc.html#g6bcb7c5c59d76ec16b8a699da136b5de" title="Collect a group of packets.">pcap_loop</a>(adhandle, 0, packet_handler, NULL);

    <span class="keywordflow">return</span> 0;
}


<span class="comment">/* Callback function invoked by libpcap for every incoming packet */</span>
<span class="keywordtype">void</span> packet_handler(u_char *param, <span class="keyword">const</span> <span class="keyword">struct</span> <a class="code" href="structpcap__pkthdr.html" title="Header of a packet in the dump file.">pcap_pkthdr</a> *header, <span class="keyword">const</span> u_char *pkt_data)
{
    <span class="keyword">struct </span>tm ltime;
    <span class="keywordtype">char</span> timestr[16];
    time_t local_tv_sec;

    <span class="comment">/*</span>
<span class="comment">     * unused variables</span>
<span class="comment">     */</span>
    (VOID)(param);
    (VOID)(pkt_data);

    <span class="comment">/* convert the timestamp to readable format */</span>
    local_tv_sec = header-&gt;<a class="code" href="structpcap__pkthdr.html#21be78b2818c91cb205885b8a6f5aed8" title="time stamp">ts</a>.tv_sec;
    localtime_s(&amp;ltime, &amp;local_tv_sec);
    strftime( timestr, <span class="keyword">sizeof</span> timestr, <span class="stringliteral">"%H:%M:%S"</span>, &amp;ltime);

    <span class="comment">/* cast tv_usec so the argument matches %ld; len is unsigned, so print it with %u */</span>
    printf(<span class="stringliteral">"%s,%.6ld len:%u\n"</span>, timestr, (<span class="keywordtype">long</span>)header-&gt;<a class="code" href="structpcap__pkthdr.html#21be78b2818c91cb205885b8a6f5aed8" title="time stamp">ts</a>.tv_usec, header-&gt;<a class="code" href="structpcap__pkthdr.html#728f264db4f5cc304742565a2bcdbeea" title="length this packet (off wire)">len</a>);
}
</pre></div>
<p>Once the adapter is opened, the capture can be started with <a class="el" href="group__wpcapfunc.html#g60ce104cdf28420d3361cd36d15be44c" title="Collect a group of packets.">pcap_dispatch()</a> or <a class="el" href="group__wpcapfunc.html#g6bcb7c5c59d76ec16b8a699da136b5de" title="Collect a group of packets.">pcap_loop()</a>. These two functions are very similar; the difference is that pcap_dispatch() returns (although this is not guaranteed) when the timeout expires, while <a class="el" href="group__wpcapfunc.html#g6bcb7c5c59d76ec16b8a699da136b5de" title="Collect a group of packets.">pcap_loop()</a> doesn't return until <em>cnt</em> packets have been captured, so it can block for an arbitrary period on an under-utilized network. <a class="el" href="group__wpcapfunc.html#g6bcb7c5c59d76ec16b8a699da136b5de" title="Collect a group of packets.">pcap_loop()</a> is enough for the purpose of this sample, while <a class="el" href="group__wpcapfunc.html#g60ce104cdf28420d3361cd36d15be44c" title="Collect a group of packets.">pcap_dispatch()</a> is normally used in a more complex program.
<p>Both of these functions have a <em>callback</em> parameter, <em>packet_handler</em>, pointing to a function that will receive the packets.
This function is invoked by libpcap for every new packet coming from the network and receives a generic status (corresponding to the <em>user</em> parameter of <a class="el" href="group__wpcapfunc.html#g6bcb7c5c59d76ec16b8a699da136b5de" title="Collect a group of packets.">pcap_loop()</a> and <a class="el" href="group__wpcapfunc.html#g60ce104cdf28420d3361cd36d15be44c" title="Collect a group of packets.">pcap_dispatch()</a>), a header with some information on the packet, such as the timestamp and the length, and the actual data of the packet, including all the protocol headers. Note that the frame CRC is normally not present, because it is removed by the network adapter after frame validation. Note also that most adapters discard packets with wrong CRCs; therefore WinPcap is normally not able to capture them.
<p>The above example extracts the timestamp and the length of every packet from the <a class="el" href="structpcap__pkthdr.html" title="Header of a packet in the dump file.">pcap_pkthdr</a> header and prints them on the screen.
<p>Please note that using <a class="el" href="group__wpcapfunc.html#g6bcb7c5c59d76ec16b8a699da136b5de" title="Collect a group of packets.">pcap_loop()</a> may have a drawback, mainly related to the fact that the handler is called by the packet capture driver; therefore the user application does not have direct control over it. Another approach, which also gives more readable programs, is to use the <a class="el" href="group__wpcapfunc.html#g439439c2eae61161dc1efb1e03a81133" title="Read a packet from an interface or from an offline capture.">pcap_next_ex()</a> function, which is presented in the next example (<a class="el" href="group__wpcap__tut4.html">Capturing the packets without the callback</a>).
<p><a class="el" href="group__wpcap__tut2.html">&lt;&lt;&lt; Previous</a> <a class="el" href="group__wpcap__tut4.html">Next &gt;&gt;&gt;</a> </div><hr><p align="right"><img border="0" src="winpcap_small.gif" align="absbottom" width="91" height="27"> documentation. Copyright (c) 2002-2005 Politecnico di Torino. Copyright (c) 2005-2008 CACE Technologies. All rights reserved.</p>
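<p>Added example, not part of the WinPcap documentation: the tutorial's handler ignores <em>pkt_data</em>, but a handler that does read the protocol headers has to bound every access by the number of bytes actually captured (the <em>caplen</em> field of pcap_pkthdr), not by the on-wire <em>len</em>. The sketch below assumes an Ethernet link layer; <em>parse_ip4</em>, <em>struct ip4_summary</em> and <em>sample_frame</em> are hypothetical names, and the function takes the buffer and length directly so it compiles without pcap.h (a callback would call it as parse_ip4(pkt_data, header-&gt;caplen, &amp;s)).</p>

```c
#include <stdint.h>
#include <stdio.h>

#define ETH_HDR_LEN    14      /* dst MAC, src MAC, EtherType; no trailing CRC */
#define ETHERTYPE_IPV4 0x0800

/* Hypothetical result type for this example */
struct ip4_summary {
    uint8_t  proto;      /* IPv4 protocol number */
    uint16_t total_len;  /* length claimed by the IPv4 header itself */
};

/* Returns 0 on success, -1 if the captured bytes end too early,
 * -2 if the frame is not IPv4, -3 if the IPv4 header is malformed. */
int parse_ip4(const unsigned char *pkt_data, uint32_t caplen, struct ip4_summary *out)
{
    if (caplen < ETH_HDR_LEN)
        return -1;
    if (((pkt_data[12] << 8) | pkt_data[13]) != ETHERTYPE_IPV4)
        return -2;

    const unsigned char *ip = pkt_data + ETH_HDR_LEN;
    uint32_t remaining = caplen - ETH_HDR_LEN;
    if (remaining < 20)                 /* fixed part of the IPv4 header */
        return -1;
    uint32_t ihl = (uint32_t)(ip[0] & 0x0F) * 4;   /* header length in bytes */
    if ((ip[0] >> 4) != 4 || ihl < 20)
        return -3;
    if (ihl > remaining)                /* options cut off by the snapshot length */
        return -1;

    out->proto = ip[9];
    out->total_len = (uint16_t)((ip[2] << 8) | ip[3]);
    return 0;
}

/* Constructed sample: Ethernet header + 20-byte IPv4 header
 * (192.0.2.1 -> 192.0.2.2, TCP); the TCP segment itself is not included. */
static const unsigned char sample_frame[] = {
    0x02,0,0,0,0,0x02, 0x02,0,0,0,0,0x01, 0x08,0x00,
    0x45,0x00,0x00,0x28, 0,1,0,0, 0x40,0x06,0,0, 192,0,2,1, 192,0,2,2
};

int main(void)
{
    struct ip4_summary s = {0};
    printf("full capture: %d\n", parse_ip4(sample_frame, sizeof sample_frame, &s));
    printf("caplen 20:    %d\n", parse_ip4(sample_frame, 20, &s));
    return 0;
}
```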