I am looking into having a custom sniffing application which detects TCP packets. But I see some of the packets are lost, meaning some of the packets are not captured by the application.

I am looking for clarification on the questions below:

  1. Is it possible to write a sniffing application in C which detects 100% of TCP packets without losing a single packet using the socket RAW_PACKET option?
  2. Any specific design considerations to think of? FYI, I don't use multi-threading here. The application mostly deals with I/O.
  3. Any reference docs / links / books that you think will help me here?
  • See https://stackoverflow.com/questions/32035153 for some advice – ofo Feb 13 '20 at 05:15
  • Thanks ofo. The reference links for that question help: https://github.com/the-tcpdump-group/libpcap/blob/735f1f9d3318693f0096be4198d34e9ac0985777/pcap-linux.c#L3528. Setting Promiscuous Mode helps in my scenario. – Marikannan Feb 13 '20 at 15:00
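
An added example, not part of the original thread and not libpcap's code: an AF_PACKET capture loop in C that enables promiscuous mode (the setting the last comment reports as helping), enlarges the socket receive buffer, and reads the kernel's per-socket drop counter so that loss is measured instead of inferred. The function names, the 8 MiB buffer size and the 10000-frame reporting interval are assumptions; the code is Linux-only and capturing needs CAP_NET_RAW.

```c
#include <arpa/inet.h>
#include <linux/if_ether.h>
#include <linux/if_packet.h>
#include <net/if.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Illustrative helper: promiscuous AF_PACKET socket bound to ifname, with a
 * larger receive buffer (capped by net.core.rmem_max). Returns fd or -1. */
int open_sniffer(const char *ifname, int rcvbuf) {
    struct sockaddr_ll sll = { .sll_family = AF_PACKET, .sll_protocol = htons(ETH_P_IP) };
    struct packet_mreq mr = { .mr_type = PACKET_MR_PROMISC };
    int fd = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_IP));
    if (fd < 0) return -1;
    sll.sll_ifindex = mr.mr_ifindex = (int)if_nametoindex(ifname);
    if (sll.sll_ifindex == 0 ||
        bind(fd, (struct sockaddr *)&sll, sizeof sll) < 0 ||
        setsockopt(fd, SOL_PACKET, PACKET_ADD_MEMBERSHIP, &mr, sizeof mr) < 0 ||
        setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &rcvbuf, sizeof rcvbuf) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Frames the kernel dropped on this socket since the previous call
 * (PACKET_STATISTICS resets when read); -1 on error. */
long kernel_drops(int fd) {
    struct tpacket_stats st;
    socklen_t len = sizeof st;
    if (getsockopt(fd, SOL_PACKET, PACKET_STATISTICS, &st, &len) < 0) return -1;
    return (long)st.tp_drops;
}

/* 1 if the frame is Ethernet II (type 0x0800) carrying IPv4 with protocol 6 (TCP). */
int is_ipv4_tcp(const unsigned char *f, size_t n) {
    return n >= 34 && f[12] == 0x08 && f[13] == 0x00 && (f[14] >> 4) == 4 && f[23] == 6;
}

int main(int argc, char **argv) {
    unsigned char buf[65536];
    unsigned long tcp = 0;
    int fd = argc > 1 ? open_sniffer(argv[1], 8 << 20) : -1;
    if (fd < 0) { perror("open_sniffer"); return 1; }
    for (unsigned long i = 1; ; i++) {
        ssize_t n = recv(fd, buf, sizeof buf, 0);
        if (n < 0) break;
        tcp += (unsigned long)is_ipv4_tcp(buf, (size_t)n);
        if (i % 10000) continue;            /* report every 10000 frames */
        printf("tcp=%lu dropped_since_last_report=%ld\n", tcp, kernel_drops(fd));
    }
    close(fd);
    return 0;
}
```

A non-zero drop count means the socket buffer filled before the application read it; frames lost earlier, at the NIC or driver, do not appear in this counter.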

0 Answers