Closed rexlManu closed 2 years ago
I got a setup with a remote rpcap and trying to capture from that. I found out that it works with pcap_open_live but I receive NoSuchDevice when trying with pcap_activate.
Currently:
pcap_open()
(without _live
) fully supports opening remote devices;pcap_open_live()
supports it, but doesn't support passing a user name/password as arguments and doesn't support flags such as "use UDP for the data channel";pcap_create()
/pcap_activate()
don't support it.The ultimate goal is to support it with pcap_create()
(or, perhaps, an extended version of pcap_create()
) and pcap_activate()
.
So my question is what is the difference. I thought that pcap_open_live is like in a deprecated state.
It is. For local capture, pcap_create()
/pcap_activate()
can do everything pcap_open_live()
can do and more. For remote capture, pcap_open()
can do everything pcap_open_live()
can do and more.
I finally checked the code behind the api, actually im using https://github.com/dotpcap/sharppcap and just created a dummy c project to test it and after reviewing the code I found out, that pcap_open_live does much more than pcap_create / activate.
So thanks for your answer.
So for future coders, that get the some problem. Use pcap open :)
I found out, that pcap_open_live does much more than pcap_create / activate.
What it's doing is a combination of
#ifdef ENABLE_REMOTE
/#endif
);The goal is to eliminate the first of those, once there's a create/activate API to support remote capture as well as local capture.
Hey, I want to know the difference from them.
I got a setup with a remote rpcap and trying to capture from that. I found out that it works with pcap_open_live but I receive NoSuchDevice when trying with pcap_activate.
As example my testing code:
So my question is what is the difference. I thought that pcap_open_live is like in a deprecated state.