On Sun, Jul 28, 2002 at 02:46:16PM -0700, max wrote:
> When I capture a packet with libpcap, how can I tell if the packet is
> incoming or outgoing?

You can't necessarily do so; that information isn't available on all platforms, and, as you note, there's nothing in "pcap_pkthdr" to supply that information, so you can't get that from libpcap.

> The struct which is returned with every captured packet, pcap_pkthdr,
> does not contain this information. The stats structure, pcap_stat,
> seems to do.

On at least some platforms, the stats structure gets statistics from the OS; it doesn't count packets itself. I.e.:

> Do I need to call the function which fills the stats struct for every
> packet I capture

...there is no such function on many platforms.

Even on platforms where the OS doesn't supply that information, and where the counts are maintained by libpcap, it doesn't make any distinction between incoming and outgoing for "ps_recv" (packets that are transmitted by the machine running the libpcap-based application are often supplied as input to the packet capture mechanism used by libpcap, so they show up as "received" packets).
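Since neither "pcap_pkthdr" nor "ps_recv" carries direction, a capture tool has to infer it from the frame itself. The following is an added example, not part of the original message and not libpcap code: it compares the Ethernet addresses of a captured frame with the capture interface's MAC address. The function names, the sample frames, and the assumptions that the link type is Ethernet and that the local MAC is already known are this example's own.

```c
#include <stdint.h>
#include <string.h>

enum pkt_dir { DIR_UNKNOWN, DIR_IN, DIR_OUT };
struct dir_counts { unsigned in, out, unknown; };

/* Infer direction from the Ethernet header of one captured frame.
 * frame/caplen: the bytes and captured length handed to a capture callback.
 * local_mac: MAC of the capture interface (assumed known to the caller). */
enum pkt_dir classify_direction(const uint8_t *frame, uint32_t caplen,
                                const uint8_t local_mac[6])
{
    if (frame == NULL || caplen < 14)
        return DIR_UNKNOWN;             /* truncated: header not captured */
    const uint8_t *dst = frame;         /* bytes 0-5: destination MAC */
    const uint8_t *src = frame + 6;     /* bytes 6-11: source MAC */
    if (memcmp(src, local_mac, 6) == 0)
        return DIR_OUT;                 /* sent by this host (even if broadcast) */
    if (memcmp(dst, local_mac, 6) == 0 || (dst[0] & 0x01))
        return DIR_IN;                  /* unicast to us, or broadcast/multicast */
    return DIR_UNKNOWN;                 /* promiscuous capture of others' traffic */
}

/* Constructed sample frames (Ethernet headers only), not real capture data. */
static const uint8_t FRAME_OUT[14]   = {0x02,0,0,0,0,0x02, 0x02,0,0,0,0,0x01, 0x08,0x00};
static const uint8_t FRAME_IN[14]    = {0x02,0,0,0,0,0x01, 0x02,0,0,0,0,0x02, 0x08,0x00};
static const uint8_t FRAME_BCAST[14] = {0xff,0xff,0xff,0xff,0xff,0xff, 0x02,0,0,0,0,0x02, 0x08,0x06};
static const uint8_t FRAME_OTHER[14] = {0x02,0,0,0,0,0x03, 0x02,0,0,0,0,0x02, 0x08,0x00};
static const uint8_t LOCAL_MAC[6]    = {0x02,0,0,0,0,0x01};

/* Tally the samples: a single "received" counter would report 4 here. */
struct dir_counts tally_samples(void)
{
    const uint8_t *frames[] = {FRAME_OUT, FRAME_IN, FRAME_BCAST, FRAME_OTHER};
    struct dir_counts c = {0, 0, 0};
    for (size_t i = 0; i < 4; i++) {
        switch (classify_direction(frames[i], 14, LOCAL_MAC)) {
        case DIR_IN:  c.in++;      break;
        case DIR_OUT: c.out++;     break;
        default:      c.unknown++; break;
        }
    }
    return c;
}
```

The heuristic only applies to link types that carry source and destination addresses, and it cannot classify traffic between other hosts seen in promiscuous mode.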
