Re: [tcpdump-workers] regarding arp and rarp
On 6/27/06, Richard Hansen <[EMAIL PROTECTED]> wrote:
> Guy Harris <[EMAIL PROTECTED]> wrote:
> > On Jun 26, 2006, at 12:03 PM, [EMAIL PROTECTED] wrote:
> >
> >> I am trying to dissect ARP/RARP packet.
> >> Basically I am looking for this information: Operation code,
> >> Sender HW address, Sender Protocol address, Destination HW address
> >> and Destination Protocol address.
> >> Is there a direct way using pcap to get that information?
> >
> > You can use libpcap to get the raw contents of packets,
> > including ARP/RARP packets.
> >
> > You can't use libpcap to dissect ARP/RARP packets - or any
> > other type of packets; it doesn't include any code to dissect
> > packets. You either have to write your own code to dissect them,
> > or use some existing code to dissect them (for example, you could
> > copy the code in tcpdump and modify it as necessary).
>
> Although I haven't tried it out, libnet
> (http://www.packetfactory.net/libnet/) looks like it can dissect ARP
> (along with a bunch of other protocols).
>
> Hope this helps,
> Richard

As does libtrace: http://research.wand.net.nz/software/libtrace.php

--
Ian McDonald
Web: http://wand.net.nz/~iam4
Blog: http://imcdnzl.blogspot.com
WAND Network Research Group
Department of Computer Science
University of Waikato
New Zealand

This is the tcpdump-workers list. Visit https://lists.sandelman.ca/ to unsubscribe.
Re: [tcpdump-workers] regarding arp and rarp
Guy Harris <[EMAIL PROTECTED]> wrote:
> On Jun 26, 2006, at 12:03 PM, [EMAIL PROTECTED] wrote:
>
>> I am trying to dissect ARP/RARP packet.
>> Basically I am looking for this information: Operation code,
>> Sender HW address, Sender Protocol address, Destination HW address
>> and Destination Protocol address.
>> Is there a direct way using pcap to get that information?
>
> You can use libpcap to get the raw contents of packets,
> including ARP/RARP packets.
>
> You can't use libpcap to dissect ARP/RARP packets - or any
> other type of packets; it doesn't include any code to dissect
> packets. You either have to write your own code to dissect them,
> or use some existing code to dissect them (for example, you could
> copy the code in tcpdump and modify it as necessary).

Although I haven't tried it out, libnet (http://www.packetfactory.net/libnet/) looks like it can dissect ARP (along with a bunch of other protocols).

Hope this helps,
Richard
Re: [tcpdump-workers] pcap_loop() not returning after pcap_breakloop() until another packet arrives
On Jun 24, 2006, at 10:50 PM, Richard Hansen wrote:

> I have one thread that sits in pcap_loop() and another thread that
> calls pcap_breakloop() when it is time to shut down. My code works
> well on Windows (WinPcap 3.1).

Well, sort of. I suspect that pcap_breakloop() doesn't *immediately* break you out of the loop - it's probably delayed until a packet arrives *or* the timeout expires.

> On Linux (libpcap 0.9.4, kernel 2.6.16) the pcap_loop() doesn't
> return after calling pcap_breakloop() until another packet arrives.
> Is this expected or proper behavior?

Expected, yes. Linux's packet capture mechanism doesn't have the timeouts that the WinPcap driver, BPF, etc. do.

> How can I tell Linux to return from that readfrom() call that it's
> blocking on?

You *might* be able to do it with pthread_cancel(), although that will, ultimately, terminate the thread (unless a cleanup handler never returns).
Re: [tcpdump-workers] regarding arp and rarp
On Jun 26, 2006, at 12:03 PM, [EMAIL PROTECTED] wrote:

> I am trying to dissect ARP/RARP packet.
> Basically I am looking for this information: Operation code,
> Sender HW address, Sender Protocol address, Destination HW address
> and Destination Protocol address.
> Is there a direct way using pcap to get that information?

You can use libpcap to get the raw contents of packets, including ARP/RARP packets.

You can't use libpcap to dissect ARP/RARP packets - or any other type of packets; it doesn't include any code to dissect packets. You either have to write your own code to dissect them, or use some existing code to dissect them (for example, you could copy the code in tcpdump and modify it as necessary).
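Added example, not part of the original thread and not code from tcpdump or libpcap: a minimal dissector of the "write your own code" kind described in the reply above, pulling the fields asked about out of the raw bytes libpcap delivers. It assumes an untagged Ethernet (DLT_EN10MB) capture carrying Ethernet/IPv4 ARP or RARP; the names arp_info, dissect_arp and sample_frame are made up for illustration, and the sample frame is constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Fields of an Ethernet/IPv4 ARP or RARP packet (RFC 826, RFC 903). */
struct arp_info {
    uint16_t op;      /* 1/2 = ARP request/reply, 3/4 = RARP request/reply */
    uint8_t sha[6];   /* sender hardware address */
    uint8_t spa[4];   /* sender protocol address */
    uint8_t tha[6];   /* destination (target) hardware address */
    uint8_t tpa[4];   /* destination (target) protocol address */
};

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* pkt/caplen: the bytes and captured length libpcap hands to the callback.
 * Assumption: Ethernet (DLT_EN10MB) link layer without a VLAN tag.
 * Returns 0 on success, -1 if truncated or not Ethernet/IPv4 ARP/RARP. */
int dissect_arp(const uint8_t *pkt, size_t caplen, struct arp_info *out)
{
    if (caplen < 14 + 28) return -1;      /* Ethernet header + ARP body */
    uint16_t ethertype = be16(pkt + 12);
    if (ethertype != 0x0806 && ethertype != 0x8035) return -1; /* ARP, RARP */
    const uint8_t *a = pkt + 14;
    /* htype 1 (Ethernet), ptype 0x0800 (IPv4), hlen 6, plen 4 */
    if (be16(a) != 1 || be16(a + 2) != 0x0800 || a[4] != 6 || a[5] != 4) return -1;
    out->op = be16(a + 6);
    memcpy(out->sha, a + 8, 6);
    memcpy(out->spa, a + 14, 4);
    memcpy(out->tha, a + 18, 6);
    memcpy(out->tpa, a + 24, 4);
    return 0;
}

/* Constructed sample frame: ARP request, 192.0.2.10 asks who has 192.0.2.1 */
static const uint8_t sample_frame[42] = {
    0xff,0xff,0xff,0xff,0xff,0xff, 0x02,0,0,0,0,0x01, 0x08,0x06,
    0x00,0x01, 0x08,0x00, 6, 4, 0x00,0x01,
    0x02,0,0,0,0,0x01, 192,0,2,10,  0,0,0,0,0,0, 192,0,2,1
};

int main(void)
{
    struct arp_info i;
    if (dissect_arp(sample_frame, sizeof sample_frame, &i) != 0) return 1;
    printf("op=%u sender IP ends .%u, target IP ends .%u\n", (unsigned)i.op, i.spa[3], i.tpa[3]);
    return 0;
}
```

The length check uses the captured length rather than the on-wire length, so a frame cut short by the snapshot length is rejected instead of being read past its end.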
[tcpdump-workers] regarding arp and rarp
Hi guys,

I am trying to dissect ARP/RARP packet. Basically I am looking for this information: Operation code, Sender HW address, Sender Protocol address, Destination HW address and Destination Protocol address. Is there a direct way using pcap to get that information?

Thanks a lot,
zubin