Does libpcap have any disadvantages I should be aware of?
Yes, libpcap will only use in-kernel packet filtering when using BPF, which is found on BSD-derived systems. This means that on other operating systems, which don't use BPF, any packet filters are applied in user space, losing a lot of speed and efficiency. This is not what you want, because packet loss can increase when sniffing a busy network. DEC OSF/1 has an API which has been extended to support BPF-style filters; libpcap does utilize this. In the future, libpcap may translate BPF-style filters to other packet capturing facilities, but this has not been implemented yet as of version 0.3. Refer to question 1.4 to see how packet filters help in reliably monitoring your network.
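The sketch below is an added example, not libpcap's own code: a small interpreter for a BPF-style filter run in user space over constructed Ethernet frames, showing that every frame is copied up to the process before the filter can discard it. The names insn, tcp_filter, run_filter, frames and userspace_accepts are hypothetical; the opcode values follow the classic BPF instruction encoding.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Classic BPF opcodes: load halfword/byte at offset, jump-if-equal, return. */
enum { LDH_ABS = 0x28, LDB_ABS = 0x30, JEQ_K = 0x15, RET_K = 0x06 };
struct insn { uint16_t code; uint8_t jt, jf; uint32_t k; };

/* Filter "IPv4 and TCP" on Ethernet frames; returns snap length, or 0. */
static const struct insn tcp_filter[] = {
    { LDH_ABS, 0, 0, 12 },      /* A = EtherType                   */
    { JEQ_K,   0, 3, 0x0800 },  /* not IPv4: skip to reject        */
    { LDB_ABS, 0, 0, 23 },      /* A = IPv4 protocol field         */
    { JEQ_K,   0, 1, 6 },       /* not TCP: skip to reject         */
    { RET_K,   0, 0, 65535 },   /* accept                          */
    { RET_K,   0, 0, 0 },       /* reject                          */
};

/* Interpret the filter over one packet; an out-of-bounds load rejects. */
uint32_t run_filter(const struct insn *p, size_t n, const uint8_t *pkt, size_t len) {
    uint32_t a = 0;
    for (size_t pc = 0; pc < n; ) {
        const struct insn *i = &p[pc++];
        switch (i->code) {
        case LDH_ABS: if ((size_t)i->k + 2 > len) return 0;
                      a = ((uint32_t)pkt[i->k] << 8) | pkt[i->k + 1]; break;
        case LDB_ABS: if (i->k >= len) return 0; a = pkt[i->k]; break;
        case JEQ_K:   pc += (a == i->k) ? i->jt : i->jf; break;
        case RET_K:   return i->k;
        default:      return 0;  /* unknown opcode: reject */
        }
    }
    return 0;
}

/* Constructed sample frames (24 bytes each): ARP, IPv4/UDP, IPv4/TCP. */
static const uint8_t frames[3][24] = {
    { [12] = 0x08, [13] = 0x06 },
    { [12] = 0x08, [13] = 0x00, [23] = 17 },
    { [12] = 0x08, [13] = 0x00, [23] = 6 },
};

/* Without in-kernel BPF, every frame reaches the process before filtering. */
size_t userspace_accepts(size_t *copied) {
    size_t kept = 0;
    for (*copied = 0; *copied < 3; ++*copied)
        kept += run_filter(tcp_filter, 6, frames[*copied], 24) != 0;
    return kept;
}
int main(void) {
    size_t copied, kept = userspace_accepts(&copied);
    printf("copied to user space: %zu, kept by filter: %zu\n", copied, kept);
}
```

With an in-kernel filter, only the frames the filter keeps would be copied to the process; here all three are copied and two are thrown away afterwards.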