According to W.R. Stevens, libpcap is the de facto library for network packet filtering (or sniffing..) on virtually all UNIX systems. I have to quickly write a simple packet filter, over 10BaseT ethernet, that merely filters on protocol (tcp) as well as the src and dest (address:port pairs). I just want to write a bare-bones program because it will be embedded as a simple feature in a much larger app. So, if I was on a UNIX system, I would use Steven's advice and examples coupled with my decent UNIX understanding and be home-free in a relatively short time. Unfortunately, I have been thrust onto a shiny, Windows NT machine. Winsock (the BSD sockets clone for Windows) doesn't seem to support packet filtering (some form of BPF, DLPI or SOCK_PACKET are the three common methods given by Stevens). Finding any documentation or support on a topic like this has proven more difficult than I originally thought -- it appears that Windows programmers are less libertarian than their UNIX counterparts and consequently, they generally do not give away their source or detailed docs. I know that writing a packet filter is definitely possible on NT -- there are several commercial packet filters available -- but that's where my knowledge ends. My naive hope is that some Linux programmer will have had some experience with NT network programming and will be able to point me toward meaningful libraries and docs. Thanks for your time, Andrew Bell
