I'm using the libpcap for capturing all packets on a specific port. But I need to separate and know clearly which packets my device is sending, and which ones it is receiving.
Actually I use pcap_close() for capturing packets, and it's working well ; but the struct pcap_pkthdr doesn't contain any information if the packet is received or sent.
I have a few options, but I think all of them are not quite good:
- I could try getting my own IP and compare it with the IP inside the
IP Header, but it's a big heavy to always check my IP and compare it... - I could do two pcap filter with in one
src hostand the otherdest host. But that would make no sense to have two filter like this, and I wouldn't know how to capture with two separate filter.
So, am I wrong ? If not, is there an efficient way to separate received from sent packets ? Thank you !
