[tcpdump-workers] regarding arp and rarp

2006-06-26 Thread lalani

Hi guys,
I am trying to dissect an ARP/RARP packet.
Basically I am looking for this information: Operation code, Sender HW address, Sender Protocol address, Destination HW address and Destination Protocol address.

Is there a direct way using pcap to get that information?

 Thanks a lot,
 zubin





-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.


Re: [tcpdump-workers] regarding arp and rarp

2006-06-26 Thread Guy Harris


On Jun 26, 2006, at 12:03 PM, [EMAIL PROTECTED] wrote:

> I am trying to dissect an ARP/RARP packet.
> Basically I am looking for this information: Operation code, Sender HW address, Sender Protocol address, Destination HW address and Destination Protocol address.
>
> Is there a direct way using pcap to get that information?


You can use libpcap to get the raw contents of packets, including ARP/RARP packets.


You can't use libpcap to dissect ARP/RARP packets - or any other type  
of packets; it doesn't include any code to dissect packets.  You  
either have to write your own code to dissect them, or use some  
existing code to dissect them (for example, you could copy the code  
in tcpdump and modify it as necessary).



Re: [tcpdump-workers] regarding arp and rarp

2006-06-26 Thread Richard Hansen

Guy Harris [EMAIL PROTECTED] wrote:
> On Jun 26, 2006, at 12:03 PM, [EMAIL PROTECTED] wrote:
>
>> I am trying to dissect an ARP/RARP packet.
>> Basically I am looking for this information: Operation code, Sender HW address, Sender Protocol address, Destination HW address and Destination Protocol address.
>> Is there a direct way using pcap to get that information?
>
> You can use libpcap to get the raw contents of packets, including ARP/RARP packets.
>
> You can't use libpcap to dissect ARP/RARP packets - or any other type of packets; it doesn't include any code to dissect packets.  You either have to write your own code to dissect them, or use some existing code to dissect them (for example, you could copy the code in tcpdump and modify it as necessary).

Although I haven't tried it out, libnet (http://www.packetfactory.net/libnet/) 
looks like it can dissect ARP (along with a bunch of other protocols).

Hope this helps,
Richard




Re: [tcpdump-workers] regarding arp and rarp

2006-06-26 Thread Ian McDonald

On 6/27/06, Richard Hansen [EMAIL PROTECTED] wrote:

> Guy Harris [EMAIL PROTECTED] wrote:
>> On Jun 26, 2006, at 12:03 PM, [EMAIL PROTECTED] wrote:
>>
>>> I am trying to dissect an ARP/RARP packet.
>>> Basically I am looking for this information: Operation code, Sender HW address, Sender Protocol address, Destination HW address and Destination Protocol address.
>>> Is there a direct way using pcap to get that information?
>>
>> You can use libpcap to get the raw contents of packets, including ARP/RARP packets.
>>
>> You can't use libpcap to dissect ARP/RARP packets - or any other type of packets; it doesn't include any code to dissect packets.  You either have to write your own code to dissect them, or use some existing code to dissect them (for example, you could copy the code in tcpdump and modify it as necessary).
>
> Although I haven't tried it out, libnet (http://www.packetfactory.net/libnet/) looks like it can dissect ARP (along with a bunch of other protocols).
>
> Hope this helps,
> Richard

As does libtrace:
http://research.wand.net.nz/software/libtrace.php

--
Ian McDonald
Web: http://wand.net.nz/~iam4
Blog: http://imcdnzl.blogspot.com
WAND Network Research Group
Department of Computer Science
University of Waikato
New Zealand