what is errbuf[PCAP_ERRBUF_SIZE]
Some libpcap routines, if they fail, put an error message into a buffer, so that the program using libpcap can report the error to the user. pcap_lookupdev() is one of those routines; if it returns NULL, that means it didn't find any device that it could open, so it puts an error message into errbuf.
pcap
"pcap" is a name sometimes used for libpcap and WinPcap, or for the capture file format that it (and some other code, such as Wireshark) writes.
pcap_t
A pcap_t is a handle used to read packets from a network interface, or from a pcap (or, in newer versions of libpcap, pcap-ng) file containing packets. libpcap/WinPcap routines such as pcap_open_live() and pcap_open_offline() return a pcap_t from which you can read packets with routines such as pcap_loop(), pcap_dispatch(), pcap_next(), and pcap_next_ex(); in newer versions of libpcap (but not yet in WinPcap), you can also get a pcap_t by calling pcap_create(), set various options on that pcap_t, and then "activate" it, making it available to capture on, with pcap_activate().
what do they mean by device
Usually, a device is a network interface, such as eth0 or wlan0 on a Linux machine, en0 or en1 on a Mac, various other names on BSD, Solaris, HP-UX, AIX, etc., or various somewhat cryptic strings on Windows with WinPcap. On some platforms, libpcap may also let you capture traffic on your machine's USB interfaces (raw USB traffic - you could also capture on USB network interfaces, but those would just be like regular network interfaces).
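
An added illustration, not part of the original answer and not libpcap code: a small stand-alone reader that follows the two conventions described above, an open routine that returns a handle or NULL with a message in errbuf, and a read routine called on that handle. The names cap_t, cap_open_mem() and cap_next() are hypothetical, the sample capture is constructed, and only little-endian classic pcap files are handled.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define ERRBUF_SIZE 256 /* the value pcap.h gives PCAP_ERRBUF_SIZE */
/* Hypothetical stand-in for pcap_t: a handle over an in-memory capture file. */
typedef struct { const uint8_t *buf; size_t len, off; uint32_t snaplen; } cap_t;
static uint32_t le32(const uint8_t *p) /* decode a little-endian 32-bit field */
{ return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24; }

/* Returns a handle, or NULL with the reason in errbuf (pcap_open_offline() style). */
cap_t *cap_open_mem(const uint8_t *buf, size_t len, char *errbuf)
{
    cap_t *c;
    if (len < 24 || le32(buf) != 0xa1b2c3d4u) { /* 24-byte header, magic first */
        snprintf(errbuf, ERRBUF_SIZE, "not a little-endian pcap file (%zu bytes)", len);
        return NULL;
    }
    if ((c = malloc(sizeof *c)) == NULL) {
        snprintf(errbuf, ERRBUF_SIZE, "out of memory");
        return NULL;
    }
    c->buf = buf; c->len = len; c->off = 24; c->snaplen = le32(buf + 16);
    return c;
}

/* 1 = packet, -2 = end of file, -1 = malformed record (the values pcap_next_ex()
   uses for a savefile); libpcap reports the reason via pcap_geterr(), not errbuf. */
int cap_next(cap_t *c, const uint8_t **pkt, uint32_t *caplen, char *errbuf)
{
    size_t left = c->len - c->off;
    if (left == 0) return -2;
    if (left < 16 || (*caplen = le32(c->buf + c->off + 8)) > c->snaplen
        || *caplen > left - 16) { /* never trust the length field in the file */
        snprintf(errbuf, ERRBUF_SIZE, "bad record at offset %zu", c->off);
        return -1;
    }
    *pkt = c->buf + c->off + 16; /* 16-byte record header precedes the data */
    c->off += 16 + *caplen;
    return 1;
}

/* Constructed sample: file header, then one record with 4 captured bytes. */
static const uint8_t SAMPLE[44] = {
    0xd4,0xc3,0xb2,0xa1, 2,0,4,0, 0,0,0,0, 0,0,0,0, 0xff,0xff,0,0, 1,0,0,0,
    0,0,0,0, 0,0,0,0, 4,0,0,0, 4,0,0,0, 0xde,0xad,0xbe,0xef };
int main(void)
{
    char errbuf[ERRBUF_SIZE]; /* truncated input: open fails, errbuf is filled */
    if (cap_open_mem(SAMPLE, 10, errbuf) == NULL) printf("open failed: %s\n", errbuf);
    return 0;
}
```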