Building Open Source Network Security Tools: Components and Techniques [Electronic resources]

Mike D. Schiffman


Ancillary Functions

Libpcap's monolithic structure contains a lot of useful information. The following functions pull various bits of information from libpcap's innards.


int pcap_datalink(pcap_t *p);

pcap_datalink() returns the link-layer type of the packet capture device that p references. Table 2.4 summarizes some of the more common return values for the function.

Table 2.4: pcap_datalink() Return Values

RETURN VALUE       MEANING
DLT_EN10MB         Ethernet, all speeds, 10MB and above
DLT_IEEE802        IEEE 802.5 Token Ring
DLT_PPP            Point-to-Point Protocol
DLT_FDDI           Fiber Distributed Data Interface
DLT_RAW            Raw IP (no link layer encapsulation)
DLT_IEEE802_11     IEEE 802.11 Wireless


int pcap_snapshot(pcap_t *p);

pcap_snapshot() returns the snapshot length of the libpcap descriptor that p references.
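The link-layer type and the snapshot length matter together when a tool parses captured packets: the first decides where the network header starts, the second limits how many bytes were actually kept. The following C function is an added example, not code from the book or from libpcap; the EX_* names, ipv4_offset() and the sample frame are hypothetical, and only Ethernet and raw IP are handled, with every other link type rejected rather than guessed.

```c
#include <stddef.h>
#include <stdint.h>

/* Link-type numbers as libpcap's headers define them (DLT_RAW is 12 on most
 * platforms); a real tool includes <pcap.h> and uses the DLT_* names. */
enum { EX_DLT_EN10MB = 1, EX_DLT_RAW = 12 };
enum { EX_UNSUPPORTED = -1, EX_TRUNCATED = -2, EX_NOT_IPV4 = -3 };

/* Constructed sample: Ethernet + 20-byte IPv4 header, 192.0.2.1 -> 192.0.2.2. */
static const uint8_t ex_frame[34] = {
    0x00,0x00,0x5e,0x00,0x53,0x01, 0x00,0x00,0x5e,0x00,0x53,0x02, 0x08,0x00,
    0x45,0x00,0x00,0x14, 0x00,0x00,0x00,0x00, 0x40,0x01,0x00,0x00,
    0xc0,0x00,0x02,0x01, 0xc0,0x00,0x02,0x02 };

/* Offset of the IPv4 header in a captured frame, or a negative EX_* code.
 * dlt: value pcap_datalink() returned. caplen: bytes actually captured,
 * which the snapshot length (pcap_snapshot()) caps. */
int ipv4_offset(int dlt, const uint8_t *pkt, size_t caplen)
{
    size_t off, ihl;
    unsigned type;

    switch (dlt) {
    case EX_DLT_RAW:                    /* no link-layer header */
        off = 0;
        break;
    case EX_DLT_EN10MB:
        off = 14;                       /* dst(6) + src(6) + type(2) */
        if (caplen < off) return EX_TRUNCATED;
        type = (unsigned)pkt[12] << 8 | pkt[13];
        if (type == 0x8100) {           /* one 802.1Q VLAN tag */
            off = 18;
            if (caplen < off) return EX_TRUNCATED;
            type = (unsigned)pkt[16] << 8 | pkt[17];
        }
        if (type != 0x0800) return EX_NOT_IPV4;
        break;
    default:                            /* refuse to guess a header size */
        return EX_UNSUPPORTED;
    }
    if (caplen < off + 20) return EX_TRUNCATED;   /* minimum IPv4 header */
    if ((pkt[off] >> 4) != 4) return EX_NOT_IPV4;
    ihl = (size_t)(pkt[off] & 0x0f) * 4;
    if (ihl < 20) return EX_NOT_IPV4;
    if (caplen < off + ihl) return EX_TRUNCATED;  /* options cut by snaplen */
    return (int)off;
}

int main(void) { return ipv4_offset(EX_DLT_EN10MB, ex_frame, sizeof ex_frame) == 14 ? 0 : 1; }
```

Parsing the same Ethernet bytes as if the device were DLT_RAW yields EX_NOT_IPV4, which is the failure a hard-coded 14-byte offset hides in the other direction.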


int pcap_stats(pcap_t *p, struct pcap_stat *ps);

pcap_stats() fills in a pcap statistics structure ps for the libpcap descriptor p. Upon success, the function returns 0. Upon failure, the function returns -1, and one of the pcap_*err() functions might tell you why.


int pcap_fileno(pcap_t *p);

pcap_fileno() returns the internal file descriptor number of the underlying packet capture mechanism (socket, BPF device, DLPI device, and so on) that p references for a live capture session. Upon success, the function returns the file descriptor number, and upon failure it returns -1.