Hello,
I have developed a small security tool that uses libpcap for metrology
purposes. I'd like to add a new online capture feature, to generate a pcap file
(from a given BPF filter), without disrupting my metrology tool (nor inducing
packet loss).
So, I'd like to know the best way to do the acquisition with both a BPF filter
and none (= continuously acquiring data without filtering).
Generally, is it possible to call a 2nd application that also uses libpcap
on the same network interface (without disruption or packet loss)? If yes, the
solution might be to simply call tcpdump (as a system command, for example...)
And if not... should I rewrite a BPF decoder & filter and use my current pcap
loop? Is there an easier, better way?
Thank you very much in advance for your response.
Regards
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/