network analyzer - handling captured pcap files

I'm about to write a program that analyzes network traffic. After searching for answers and not finding any on the net, a few questions:

  1. Capturing network traffic - I'm using the winpcap library for the analysis. Does the capture functionality capture all packets, or can loss of packets occur? And if loss occurs, how do I prevent it from happening?

  2. Analyzing network traffic - is it better to capture (and analyze) each packet separately, or to capture several at a time as chunks?

  3. What's easier to handle - tcpdump or the winpcap library functionality? (I am using the winpcap library at the current time.)

  4. Example code to capture and analyze a pcap file - not those from the jnetpcap website.

The jnetpcap website offers examples, but they do not deal with these questions.

Thanks in advance, Andrei

Answers


For the first two points: I do not know if some packets are lost while capturing via WinPcap, but I think capturing packets in chunks (i.e. in one pcap file) is better than saving each packet in a different file, because saving them in different files will have the overhead of creating a new file every time.

For the 3rd point: I haven't used WinPcap, but I didn't see a problem while using the Jnetpcap library.

And for the last: for WinPcap, you can see the examples here http://www.winpcap.org/docs/docs_40_2/html/group__wpcapsamps.html and a step-by-step guide here http://www.winpcap.org/docs/docs_412/html/group__wpcap__tut.html
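The answer above recommends writing captured packets into one pcap file, and the question asks for code that analyzes such a file. The following is an added example, not code from the post or from the WinPcap samples: a standalone C reader for the classic pcap format that walks the file from memory, handles both byte orders, bounds-checks every record so a malformed file cannot drive reads past the buffer, and counts records whose stored length is shorter than their wire length (packets cut by the snaplen). The embedded byte array is a constructed two-packet capture, not a real trace.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* pcap file layout: 24-byte global header, then records made of a 16-byte
   header (ts_sec, ts_usec, incl_len, orig_len) followed by incl_len bytes. */
#define PCAP_MAGIC_NATIVE  0xa1b2c3d4u  /* magic bytes read little-endian from an LE file */
#define PCAP_MAGIC_SWAPPED 0xd4c3b2a1u  /* the same bytes from a big-endian file */

typedef struct { uint32_t snaplen, linktype, packets, truncated; size_t bytes; } pcap_summary;

static uint32_t rd32(const uint8_t *p, int swap) {
    uint32_t v = (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
    return swap ? ((v >> 24) | ((v >> 8) & 0xff00u) | ((v << 8) & 0xff0000u) | (v << 24)) : v;
}

/* Walk a pcap image held in memory. Returns 0 on success, -1 on a bad header or a
   record that does not fit. Every length is checked against the remaining buffer
   before it is used, so a crafted or cut-off file cannot cause an out-of-bounds read. */
int pcap_summarize(const uint8_t *buf, size_t len, pcap_summary *out) {
    memset(out, 0, sizeof *out);
    if (len < 24) return -1;
    uint32_t magic = rd32(buf, 0);
    int swap = (magic == PCAP_MAGIC_SWAPPED);
    if (magic != PCAP_MAGIC_NATIVE && !swap) return -1;
    out->snaplen = rd32(buf + 16, swap);
    out->linktype = rd32(buf + 20, swap);
    size_t off = 24;
    while (off < len) {
        if (len - off < 16) return -1;                       /* dangling record header */
        uint32_t incl = rd32(buf + off + 8, swap);           /* bytes stored in the file */
        uint32_t orig = rd32(buf + off + 12, swap);          /* bytes seen on the wire */
        if (incl > out->snaplen || incl > len - off - 16) return -1;
        if (incl < orig) out->truncated++;                   /* cut short by the snaplen */
        out->packets++;
        out->bytes += incl;
        off += 16 + incl;
    }
    return 0;
}

/* Constructed sample: LE header (snaplen 65535, linktype 1 = Ethernet), then one
   record holding 4 of 60 wire bytes (truncated) and one holding 2 of 2 bytes. */
const uint8_t sample_pcap[] = {
    0xd4,0xc3,0xb2,0xa1, 0x02,0x00,0x04,0x00, 0,0,0,0, 0,0,0,0, 0xff,0xff,0x00,0x00, 0x01,0,0,0,
    0x01,0,0,0, 0x02,0,0,0, 0x04,0,0,0, 0x3c,0,0,0, 0xaa,0xbb,0xcc,0xdd,
    0x03,0,0,0, 0x04,0,0,0, 0x02,0,0,0, 0x02,0,0,0, 0xee,0xff
};
pcap_summary sample_stats;  /* filled by pcap_summarize(sample_pcap, sizeof sample_pcap, &sample_stats) */
```

A file reader like this only sees what was written; packets dropped by the kernel or driver during live capture never reach the file and are reported instead by the capture library's statistics call (pcap_stats() in libpcap/WinPcap).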

