Opens a network device for packet capture, allowing you to specify the buffer length of a Berkeley Packet Filter (BPF).
pcap Library (libpcap.a)
The pcap_open_live_sb subroutine opens the specified network device for packet capture. This subroutine allows you to specify the buffer size for the BPF to use in capturing the packets. You must run this subroutine before any packet capturing can occur. All other subroutines dealing with packet capture require the packet capture descriptor that is created and initialized with this subroutine.
To opening a previously saved file that contains packet capture data, use the pcap_open_offline subroutine.
| Item | Description |
|---|---|
| buf_len | Specifies the buffer size that the BPF is to use. If the system cannot provide memory of this size, the system will choose a smaller size. |
| device | Specifies a string that contains the name of the network device to open for packet capture, for example, en0. |
| ebuf | Returns error text and is only set when the pcap_open_live subroutine fails. |
| promisc | Specifies that the device is to be put into the promiscuous mode. A value of 1 (True) turns the promiscuous mode on. If this parameter is zero (False), the device remains unchanged. In this case, if it has already been set to the promiscuous mode (for some other reason), it remains in this mode. |
| snaplen | Specifies the maximum number of bytes to capture per packet. |
| to_ms | Specifies the read timeout in milliseconds. |
If successful, the pcap_open_live_sb subroutine returns a pointer to the packet capture descriptor that is created. If the pcap_open_live_sb subroutine is unsuccessful, NULL is returned, and the text indicating the specific error is written into the ebuf buffer.