Master the fundamental concepts of network stack fundamentals through this focused micro-challenge.
libpcap is the standard cross-platform library for capturing network traffic. It powers tcpdump, Wireshark, and countless custom analyzers. For example, opening eth0 with a filter like tcp port 80 lets you see only HTTP traffic destined for port 80.
The typical capture sequence:
pcap_findalldevs(): enumerate interfaces (eth0, lo, wlan0)pcap_open_live(): open a device with snapshot length and timeoutpcap_compile() + pcap_setfilter(): apply a BPF filter stringpcap_loop(): call your callback for each matching packetpcap_close(): release the handleBerkeley Packet Filter expressions compile to bytecode that runs in the kernel before packets reach user space. Common filters:
icmp for ping trafficudp port 53 for DNS querieshost 192.168.1.1 for traffic to or from one hostEach captured packet arrives with a pcap_pkthdr timestamp and length, followed by raw bytes starting at the Ethernet header.
This task asks you to document the libpcap setup flow even though live capture cannot run in the sandbox. You will need this API knowledge when you build custom packet analyzers instead of clicking through someone else's Wireshark capture. The BPF compiler inside libpcap is the ancestor of Linux eBPF, which now runs sandboxed programs in the kernel for networking and security tooling.
Write a C program that conceptually demonstrates libpcap usage. Since we cannot execute live capture in the sandbox, print what the code would capture.
Requirements:
Three hints are available for this task, revealed one at a time inside the code workspace so you can struggle productively before seeing them.
All starter code and reference implementations are available for your local setup.
View on Github