On Jun 26, 2006, at 12:03 PM, [EMAIL PROTECTED] wrote:
I am trying to disect ARP/RARP packet.
Basically I am looking for this information: Operation code,
Sender HW address, Sender Protocol address, Destination HW address
and Destination Protocol address.
Is there a direct way using pcap to get that information.
You can use libpcap to get the raw contents of packets, including ARP/
RARP packets.
You can't use libpcap to dissect ARP/RARP packets - or any other type
of packets; it doesn't include any code to dissect packets. You
either have to write your own code to dissect them, or use some
existing code to dissect them (for example, you could copy the code
in tcpdump and modify it as necessary).
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.
