On Tue, Jun 18, 2002 at 08:15:10PM +0800, Iain McAleer wrote:
> I'm having problems with printing data after it's captured, i tried
> doing an ngrep style data dumping. This didn't get me to far, if any of
> you know of any documentation regarding printing data captured with pcap
> please let me know.
The data captured with libpcap is just a raw sequence of bytes. You
can't just print it by, for example, doing
printf("Packet: %s\n", pd);
where "pd" is the pointer to data passed to you by libpcap.
You could either print it as raw hex data, by taking each byte and
displaying it as two hex digits, or you can dissect it, analyzing the
fields of the various protocols and printing them out as appropriate.
tcpdump can do both; if you want to know how to do the same thing, look
at the tcpdump source.
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe
