Return to BSD News archive
Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!news.cs.su.oz.au!inferno.mpx.com.au!news.unimelb.edu.au!munnari.OZ.AU!news.ecn.uoknor.edu!feed1.news.erols.com!cpk-news-hub1.bbnplanet.com!news.bbnplanet.com!gatech!ennfs.eas.asu.edu!noao!rstevens From: rstevens@noao.edu (W. Richard Stevens) Newsgroups: comp.unix.bsd.freebsd.misc,comp.protocols.tcp-ip Subject: Re: Q: Raw sockets to buypass tcp/udp? Date: 19 Apr 1997 12:58:02 GMT Organization: National Optical Astronomy Observatories, Tucson, AZ, USA Lines: 8 Message-ID: <5jafgq$o0v@noao.edu> References: <33551811.6113@snads.lkg.dec.com> <5j7vc3$1es$1@sol.ctr.columbia.edu> NNTP-Posting-Host: gemini.tuc.noao.edu Xref: euryale.cc.adfa.oz.au comp.unix.bsd.freebsd.misc:39348 comp.protocols.tcp-ip:53144 > The only problem with BPF is that programming it can be tricky; That's *exactly* why you should be using libpcap--it lets you program BPF (or whatever) using the same high-level commands as you can give to tcpdump on the command line. Then call pcap_compile() and it compiles it into BPF's internal language. Rich Stevens