sample pcap code (cont) pcap_open_live() open a device, return a pcap handle pcap_loop() read from the pcap device, call "handle" for each packet can specify "count" to read can set promiscuous or non-promiscuous sniffing pcap_close() close the pcap device