libpcap's beginner guide is surprisingly easy to follow
so I wrote a primitive sniffer that's very likely to get myself hacked just because I didn't want wireshark storing all my network packets... I wonder why wireshark couldn't discard irrelevant packets in real time with its powerful display filters, I only need like under 2% of the captured packets even after bpf filtering.
@ghost I once wrote a UPS driver and I'm afraid the device info parser could be vulnerable and that would be an embarrassing pull request. I changed the function to read from stdin and ran it via American Fuzzy Lop. It found *three* off-by-one errors in my code. 🤣