29.1 IntroductionProviding access to the datalink layer for an application is a powerful feature that is available with most current operating systems. This provides the following capabilities:
The three common methods to access the datalink layer under Unix are the BSD Packet Filter (BPF), the SVR4 Datalink Provider Interface (DLPI), and the Linux SOCK_PACKET interface. We present an overview of these three, but then describe libpcap , the publicly available packet capture library. This library works with all three and using this library makes our programs independent of the actual datalink access provided by the OS. We describe this library by developing a program that sends DNS queries to a name server (we build our own UDP datagrams and write them to a raw socket) and reading the reply using libpcap to determine if the name server enables UDP checksums. |