On Tue, Jun 18, 2002 at 08:15:10PM +0800, Iain McAleer wrote: > I'm having problems with printing data after it's captured, i tried > doing an ngrep style data dumping. This didn't get me to far, if any of > you know of any documentation regarding printing data captured with pcap > please let me know.
The data captured with libpcap is just a raw sequence of bytes. You can't just print it by, for example, doing printf("Packet: %s\n", pd); where "pd" is the pointer to data passed to you by libpcap. You could either print it as raw hex data, by taking each byte and displaying it as two hex digits, or you can dissect it, analyzing the fields of the various protocols and printing them out as appropriate. tcpdump can do both; if you want to know how to do the same thing, look at the tcpdump source. - This is the TCPDUMP workers list. It is archived at http://www.tcpdump.org/lists/workers/index.html To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe