Ethereal-users: Re: [Ethereal-users] ethereal code

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxx>
Date: Thu, 11 Jul 2002 13:28:13 -0700
On Thu, Jul 11, 2002 at 12:47:18PM -0500, Beatriz Silva wrote:
> I am trying to make a C++ program to filter and analyse OSPF packets
> from a broadcast network.  I am trying to read ethereal source code, but
> since I am not an experienced programmer I find it very very difficult.

Ethereal may be overkill as sample code here, especially if your program
isn't going to be a GUI application like Ethereal.

You might want to look at the tcpdump source instead.

> I am now reading capture.c and I do not understand all of this create
> a pipe for the child process, synchronise ... What is all of this for?

It's for the "Update list of packets in real time" feature; one process
does the capturing, one process updates the display, and the pipe is
used to communicate between the processes.

> Why is there a pipe_open_live() if there is the pcap_open_live() from
> the pcap library?

Because Ethereal can capture from a pipe as well as a networking device,
so you can have a program that does capturing and have Ethereal read the
packets it captures as they're captured.

That has nothing to do with the other pipe for synchronization between
the two Ethereal processes.

But you don't necessarily need all that stuff.

> What is the difference between a pipe capture and a normal capture ?

In a pipe capture, Ethereal reads packets from a pipe to another
program.

In a normal capture, Ethereal reads packets from a networking device.