tcpdump mailing list archives

need advice on pcap program


From: "Mustafa Abu Sedera" <tifa_80 () hotmail com>
Date: Tue, 11 Mar 2003 16:55:48 +0000

Hello everybody!!

I'm writing a sniffer as part of my graduation project.
All I want the sniffer to do is dump the packets into dump files, each one containing a certain number of packets (say 'x'), in their raw form. When a file is full with 'x' packets, the program should close the current file, open the next one and write to it until it is full, and so on...

I'm confused about which way to do it:

1) using pcap_next() to deal with each packet individually

2) using pcap_loop() to loop 'x' times and, with each callback, write the received packet to the file, then return to the main program, close the current file, open the next file and call pcap_loop() again for 'x' times, and so on...

3) using pcap_loop() with a 'cnt' value of -1 to loop indefinitely and handle all the file opening, closing and writing in the callback fn.

Take into consideration that I want the program to be as fast and as efficient as possible.

I would be glad to hear ANY opinion on which way is best, and if you have any ideas other than the above, please say so.

I'm familiar with the pcap functions... the idea is the important part for me.

Thank you for your time.


-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe
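
Option 3 from the message above, sketched as an added example (not part of the original post and not tcpdump or libpcap code): the rotation lives in a callback shaped like a pcap_loop() handler, so the capture loop never returns between files. Assumptions: the names rotator, rotate, on_packet, finish, demo and the file naming scheme are hypothetical, and the classic pcap file format is written by hand so the sketch builds without libpcap; in a real sniffer the file calls would be pcap_dump_open(), pcap_dump() and pcap_dump_close().

```c
#include <stdint.h>
#include <stdio.h>

/* On-disk layouts of the classic pcap format (written in native byte order). */
struct file_hdr { uint32_t magic; uint16_t vmaj, vmin; int32_t zone; uint32_t sigfigs, snaplen, linktype; };
struct rec_hdr { uint32_t ts_sec, ts_usec, caplen, len; };

/* Hypothetical state handed to the callback as its user pointer. */
struct rotator { FILE *fp; unsigned limit, in_file, file_no; int failed; const char *prefix; };

/* Close the current file (if any) and start the next one with a fresh header.
 * fclose() is checked because buffered data is flushed there (e.g. disk full). */
static int rotate(struct rotator *r) {
    const struct file_hdr gh = { 0xa1b2c3d4u, 2, 4, 0, 0, 65535, 1 }; /* linktype 1 = Ethernet */
    char name[256];
    if (r->fp && fclose(r->fp) != 0) { r->fp = NULL; return -1; }
    snprintf(name, sizeof name, "%s.%04u.pcap", r->prefix, r->file_no);
    if ((r->fp = fopen(name, "wb")) == NULL) return -1;
    r->file_no++;
    r->in_file = 0;
    return fwrite(&gh, sizeof gh, 1, r->fp) == 1 ? 0 : -1;
}

/* Same shape as a pcap_loop() callback: user pointer, per-packet header, bytes.
 * Rotation is lazy (on the next packet), so no empty trailing file is created. */
static void on_packet(void *user, const struct rec_hdr *h, const uint8_t *bytes) {
    struct rotator *r = user;
    if ((r->fp == NULL || r->in_file >= r->limit) && rotate(r) != 0) { r->failed = 1; return; }
    if (fwrite(h, sizeof *h, 1, r->fp) != 1 || fwrite(bytes, 1, h->caplen, r->fp) != h->caplen)
        r->failed = 1;
    else
        r->in_file++;
}

static int finish(struct rotator *r) { int rc = r->fp ? fclose(r->fp) : 0; r->fp = NULL; return rc; }

/* Feeds n constructed 60-byte frames through the callback; returns files created, 0 on error. */
static unsigned demo(const char *prefix, unsigned limit, unsigned n) {
    struct rotator r = { NULL, limit, 0, 0, 0, prefix };
    uint8_t frame[60] = { 0 };                        /* constructed sample packet */
    struct rec_hdr h = { 0, 0, sizeof frame, sizeof frame };
    for (unsigned i = 0; i < n; i++) { h.ts_sec = i; on_packet(&r, &h, frame); }
    return (finish(&r) == 0 && !r.failed) ? r.file_no : 0;
}

int main(void) { printf("%u files written\n", demo("demo", 3, 7)); return 0; }
```

The per-packet cost of this layout is one counter comparison plus the buffered write; the open/close work is paid once every 'x' packets.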

