Pcapplusplus equivalent for listening to all interfaces/devices

Question

In libpcap, we're able to listen to all devices by simply doing

pcap_t * handle = pcap_open_live(NULL , INT_MAX , 0 , 500 , errbuf);
            
            if (handle == NULL)
            {
                exit(1);
            }

//Put the device in sniff loop
pcap_loop(handle , -1 , process_packet , NULL);

Where NULL in the first argument of pcap_open_live is simply a wild card. I am wondering if there's an equivalent in PcapPlusPlus.

Also, I tried simply calling pcpp::PcapLiveDeviceList::getInstance().reset(), but that caused a crash when I tried running it each time I would cycle through the pcpp::PcapLiveDeviceList::getInstance().getPcapLiveDevicesList().

score 1 · Answer 1 · answered Dec 14 '21 at 20:14

NULL works, for backwards compatibility, but to capture on all interfaces on Linux (or, with the libpcap that Apple ships on macOS, macOS), you should pass the string "any", instead.

"any" as an interface name should work with all libpcap wrappers, including PcapPlusPlus.

This will not work on Windows or on UN*Xes other than Linux or macOS. There is no "all interfaces" device name on other OSes. That's a libpcap limitation, so it's a limitation with raw libpcap and with all wrappers.

Pcapplusplus equivalent for listening to all interfaces/devices

1 Answers1