3
votes

I'm about to write a program that analyzes network traffic. After searching for answers and not finding any on the net, a few questions:

  1. Capturing network traffic - I'm using the winpcap library for the analysis. Does the capture functionality capture all packets, or can loss of packets occur? And if loss occurs, how do I prevent it from happening?

  2. Analyzing network traffic - is it better to capture (and analyze) each packet separately, or to capture some (each time) as chunks?

  3. What's easier to handle - tcpdump or the winpcap library functionality? (I am using the winpcap library at the current time.)

  4. Example code to capture and analyze a pcap file - not the examples from the jnetpcap website.

The jnetpcap website offers examples, but they do not deal with these questions.

Thanks in advance, Andrei


1 Answer

0
votes

For the first two points: I do not know if some packets are lost while capturing via Winpcap, but I think capturing packets in chunks (i.e. in one pcap file) is better than saving each packet in a different file, because saving them in different files will have the overhead of creating a new file every time.

For the 3rd point: I haven't used Winpcap, but I didn't see a problem while using the Jnetpcap library.

And for the last: for Winpcap, you can see the examples here http://www.winpcap.org/docs/docs_40_2/html/group__wpcapsamps.html and a step-by-step guide here http://www.winpcap.org/docs/docs_412/html/group__wpcap__tut.html
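For the question's 4th point (example code that analyzes a pcap file, not taken from the jnetpcap site) and the answer's suggestion of working on one pcap chunk at a time, here is an added example that is not from the poster, the answerer, jnetpcap or WinPcap. It reads the classic libpcap/WinPcap file format directly (24-byte global header, then 16-byte record headers), decodes the Ethernet/IPv4/TCP/UDP headers, and reports the one kind of "loss" that is visible inside a file: a record whose captured length is shorter than the original length because the snaplen cut it off. The sample capture, its addresses, ports and the snaplen of 64 are all constructed inline for the example and are assumptions, not real traffic.

```python
"""Parse a libpcap/WinPcap file with no capture library and flag records cut short by snaplen."""
import socket
import struct

PCAP_MAGIC_US = 0xA1B2C3D4   # microsecond timestamps (what WinPcap writes)
PCAP_MAGIC_NS = 0xA1B23C4D   # nanosecond timestamps (newer libpcap)
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP, IPPROTO_UDP = 6, 17


def parse_pcap(data: bytes):
    """Yield one dict per record; raise ValueError on a malformed file."""
    if len(data) < 24:
        raise ValueError("shorter than the 24-byte pcap global header")
    for endian in ("<", ">"):            # the magic reveals the writer's byte order
        magic = struct.unpack(endian + "I", data[:4])[0]
        if magic in (PCAP_MAGIC_US, PCAP_MAGIC_NS):
            break
    else:
        raise ValueError(f"not a pcap file (magic {data[:4].hex()})")
    ts_div = 1_000_000_000 if magic == PCAP_MAGIC_NS else 1_000_000
    _maj, _min, _tz, _sig, snaplen, linktype = struct.unpack(endian + "HHiIII", data[4:24])
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError(f"unsupported link type {linktype}")
    offset, index = 24, 0
    while offset < len(data):
        if offset + 16 > len(data):
            raise ValueError(f"truncated record header at offset {offset}")
        ts_sec, ts_frac, caplen, origlen = struct.unpack(endian + "IIII", data[offset:offset + 16])
        offset += 16
        # Bounds checks before slicing: a corrupt or hostile file must not make us read past the buffer.
        if caplen > snaplen or caplen > origlen or offset + caplen > len(data):
            raise ValueError(f"record {index}: inconsistent lengths caplen={caplen} len={origlen}")
        frame = data[offset:offset + caplen]
        offset += caplen
        rec = {"index": index, "timestamp": ts_sec + ts_frac / ts_div,
               "caplen": caplen, "len": origlen, "truncated": caplen < origlen}
        rec.update(decode_ethernet(frame))
        index += 1
        yield rec


def decode_ethernet(frame: bytes) -> dict:
    """Decode Ethernet II + IPv4 + TCP/UDP headers; stop quietly where the frame ends."""
    out = {}
    if len(frame) < 34:                           # 14 Ethernet + 20 minimum IPv4
        return out
    out["ethertype"] = struct.unpack("!H", frame[12:14])[0]
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if out["ethertype"] != ETHERTYPE_IPV4 or ip[0] >> 4 != 4 or ihl < 20 or len(ip) < ihl:
        return out
    out.update(src=socket.inet_ntoa(ip[12:16]), dst=socket.inet_ntoa(ip[16:20]), proto=ip[9])
    l4 = ip[ihl:]
    if ip[9] in (IPPROTO_TCP, IPPROTO_UDP) and len(l4) >= 4:   # ports come first in both headers
        out["sport"], out["dport"] = struct.unpack("!HH", l4[:4])
    return out


def build_ipv4_frame(src, dst, proto, sport, dport, payload: bytes) -> bytes:
    """Constructed sample frame (checksums left zero; for the parser only, never sent)."""
    if proto == IPPROTO_TCP:
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x02, 65535, 0, 0) + payload
    else:
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 1, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst)) + l4
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + struct.pack("!H", ETHERTYPE_IPV4)
    return eth + ip


def build_pcap(frames, snaplen=64) -> bytes:
    """Little-endian microsecond pcap; frames longer than snaplen are cut as a capture would cut them."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC_US, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        captured = frame[:snaplen]
        out += struct.pack("<IIII", 1_700_000_000 + i, 1000 * i, len(captured), len(frame)) + captured
    return out


# Constructed sample: a TCP SYN, a DNS query, and a 254-byte TCP segment that the snaplen of 64 truncates.
SAMPLE_PCAP = build_pcap([
    build_ipv4_frame("10.0.0.5", "93.184.216.34", IPPROTO_TCP, 51000, 443, b""),
    build_ipv4_frame("10.0.0.5", "10.0.0.1", IPPROTO_UDP, 53000, 53, b"\x12\x34\x01\x00" + b"\x00" * 8),
    build_ipv4_frame("10.0.0.5", "93.184.216.34", IPPROTO_TCP, 51000, 443, b"A" * 200),
])


def summarize(data: bytes) -> dict:
    """Whole-chunk analysis: totals plus the distinct 5-tuples seen in the file."""
    recs = list(parse_pcap(data))
    flows = {(r["src"], r["sport"], r["dst"], r["dport"], r["proto"]) for r in recs if "sport" in r}
    return {"packets": len(recs), "truncated": sum(r["truncated"] for r in recs), "flows": sorted(flows)}


if __name__ == "__main__":
    for record in parse_pcap(SAMPLE_PCAP):
        print(record)
    print(summarize(SAMPLE_PCAP))
```

Two caveats worth keeping in mind. A truncated record (caplen less than len) is not the same thing as a dropped packet: packets the driver discarded because the capture buffer was full never reach the file at all, so they cannot be found by reading it; libpcap/WinPcap report them through pcap_stats() (the ps_drop counter), which has to be queried while the capture is open. And the length checks in parse_pcap are not optional: a pcap file is untrusted input, and a record header claiming more bytes than the file holds is exactly what a crafted capture would use against a naive reader.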