认识pcap_t
实例
handle = {
fd = 7, // 文件描述符
snapshot =
8192,
linktype = 1, // LINKTYPE_ETHERNET 1
链路层的类型
tzoff = 0, /* timezone offset */
offset =
2, /* offset for proper alignment */
sf =
{ // struct pcap_sf sf; sf = savefile
rfile =
0x0, // File *
swapped = 0,
version_major = 0,
version_minor = 0,
base = 0x0
},
md = { //
struct pcap_md md;
stat = { // struct pcap_stat
stat; As returned by the pcap_stats()
ps_recv
= 0, /* number of packets received */
ps_drop = 0, /* number of packets dropped */
ps_ifdrop = 0 /* drops by interface XXX not yet supported
*/
},
use_bpf = 0, //
TotPkts = 0, /* can‘t oflow for 79 hrs on ether
*/
TotAccepted = 0, /* count accepted by filter
*/
TotDrops = 0, /* count of
dropped packets */
TotMissed = 0, /*
missed by i/f during this run */
OrigMissed = 0, /*
missed by i/f before this run */
pad = 0,
skip = 0,
device = 0x80627a8
"eth0" // 使用哪个设备
},
bufsize = 1564, // buf的大小
buffer = 0x8062180 "", // buffer的指向
bp = 0x0,
cc = 0,
pkt = 0x0, // Place holder for pcap_next().
fcode
= { // Placeholder for filter code if bpf not in
kernel.
bf_len = 0,
bf_insns =
0x0
},
errbuf = ‘\000‘ <repeats 255 times> //
错误信息
}
原文:http://www.cnblogs.com/kwingmei/p/3622224.html