tcpdump mailing list archives

Caching captured packets


From: David Murray <30179198 () student murdoch edu au>
Date: Thu, 09 Oct 2008 15:32:32 +0800

Hi,

I'm pretty new to C and pcap so hopefully this question does not seem too basic. So, I want to be able to store captured packets in an array for a small period of time.

At the moment I am able to capture packets using pcap_next(). This function returns a pointer to the actual packet. With this pointer I can do all sorts of useful things; however, what I really want to do is store the data of the packet in an array. I have tried storing the returned pointer but because that simply points to the mem location of the last packet it creates an array of pointers that all point to the same packet. What I really need to do is to store the data that the returned pointer points to.

Reading about pcap_next() in the man page of pcap, it says:

"pcap_next() reads the next packet (by calling pcap_dispatch() with a
cnt of 1) and returns a u_char pointer to the data in that packet.
(The pcap_pkthdr struct for that packet is not supplied.)"

The final line of that entry confuses me; it says "The pcap_pkthdr struct for that packet is not supplied". Does that mean that the data that our returned pointer points to does not conform to pcap_pkthdr struct?

Any hints or help would be appreciated,
Thanks
Dave
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
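
An added example, not part of the original post and not libpcap code: a small ring buffer that deep-copies each packet's bytes, so the cache no longer aliases the single buffer that the pointer returned by pcap_next() refers to. The names cache_store, cache_get, CACHE_SLOTS and MAX_SNAPLEN are hypothetical; the lengths are assumed to come from the struct pcap_pkthdr that pcap_next(handle, &hdr) fills in.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define CACHE_SLOTS 4        /* assumed cache depth */
#define MAX_SNAPLEN 65535u   /* assumed upper bound on captured bytes */
struct cached_pkt {
    uint32_t caplen;         /* bytes actually captured (hdr.caplen) */
    uint32_t len;            /* original length on the wire (hdr.len) */
    unsigned char *data;     /* private heap copy of the packet bytes */
};

struct pkt_cache {           /* must start zeroed: struct pkt_cache c = {0}; */
    struct cached_pkt slot[CACHE_SLOTS];
    size_t next;             /* slot to overwrite next */
    size_t count;            /* number of valid slots */
};

/* Deep-copy one packet into the ring; the oldest entry is evicted when full.
 * With libpcap: struct pcap_pkthdr h; const u_char *p = pcap_next(handle, &h);
 *               if (p != NULL) cache_store(&c, p, h.caplen, h.len);
 * Returns 0 on success, -1 on bad input or allocation failure. */
int cache_store(struct pkt_cache *c, const unsigned char *pkt,
                uint32_t caplen, uint32_t len)
{
    if (c == NULL || pkt == NULL || caplen == 0 || caplen > MAX_SNAPLEN)
        return -1;
    unsigned char *copy = malloc(caplen);
    if (copy == NULL)
        return -1;
    memcpy(copy, pkt, caplen);          /* copy caplen bytes, never len */
    struct cached_pkt *s = &c->slot[c->next];
    free(s->data);                      /* no-op for a never-used slot */
    s->data = copy;
    s->caplen = caplen;
    s->len = len;
    c->next = (c->next + 1) % CACHE_SLOTS;
    if (c->count < CACHE_SLOTS) c->count++;
    return 0;
}

/* Return the i-th oldest cached packet (0 = oldest), or NULL if out of range. */
const struct cached_pkt *cache_get(const struct pkt_cache *c, size_t i)
{
    if (c == NULL || i >= c->count)
        return NULL;
    size_t oldest = (c->next + CACHE_SLOTS - c->count) % CACHE_SLOTS;
    return &c->slot[(oldest + i) % CACHE_SLOTS];
}
```

Copying caplen rather than len matters because a truncated capture holds fewer bytes than the packet's wire length, and reading len bytes would run past the capture buffer.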

