On 6/27/06, Richard Hansen <[EMAIL PROTECTED]> wrote:
Guy Harris <[EMAIL PROTECTED]> wrote:
> On Jun 26, 2006, at 12:03 PM, [EMAIL PROTECTED] wrote:
>>  I am trying to disect ARP/RARP packet.
>>  Basically I am looking for this information: Operation code,
>> Sender HW address, Sender Protocol address, Destination HW address
>> and Destination Protocol address.
>>  Is there a direct way using pcap to get that information.
> You can use libpcap to get the raw contents of packets,
> including ARP/
> RARP packets.
> You can't use libpcap to dissect ARP/RARP packets - or any
> other type
> of packets; it doesn't include any code to dissect packets.  You
> either have to write your own code to dissect them, or use some
> existing code to dissect them (for example, you could copy the code
> in tcpdump and modify it as necessary).

Although I haven't tried it out, libnet (http://www.packetfactory.net/libnet/) 
looks like it can dissect ARP (along with a bunch of other protocols).

Hope this helps,

As does libtrace:

Ian McDonald
Web: http://wand.net.nz/~iam4
Blog: http://imcdnzl.blogspot.com
WAND Network Research Group
Department of Computer Science
University of Waikato
New Zealand
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.

Reply via email to