Look at libpcapnav: http://netdude.sourceforge.net/

On Fri, Feb 29, 2008 at 4:18 AM, Giovanni Venturi <[EMAIL PROTECTED]> wrote:
> Hello,
>  I'm new to this list. I wrote a sniffer using libpcap but I've got some
>  questions. I'd like to directly access packet number N in the dump
>  file. How can I do this without starting from the first packet and going on
>  sequentially until the Nth packet? I ask this because if I've got a file with
>  100'000 packets and I want to display the information of the 99'000th packet,
>  if read sequentially packet after packet, this operation can last 2-3 minutes
>  or more.
>  I was thinking of storing the length of each packet in a vector, so by adding
>  the lengths of the first 89999 packets I can know that the data is contained
>  after the SUM bytes, so I can do a seek into the dumped file, but there are 2
>  problems with doing this:
>   1. when I save a pcap packet in a dump file it is bigger than its real length
>  (so I can't predict, if a packet is of D bytes, how many bytes it will fill in
>  the file);
>   2. how can I directly access the packet starting from the byte SUM in the
>  dump file? (a seek on the dumped file)... I found no function that does this in
>  the libpcap code.
>
>  Can someone give me some hints?
>  Giovanni


-- 
Aaron Turner
http://synfin.net/
http://tcpreplay.synfin.net/ - Pcap editing & replay tools for Unix
They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety.  -- Benjamin Franklin
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
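The offset-index idea raised in the question, as an added example that is not part of the original thread and is not libpcapnav's code. In a classic pcap savefile every packet is preceded by a 16-byte record header, which is why a packet occupies more bytes on disk than its own length; one pass over those headers yields the offset of each record, after which any packet is a single seek away. The names `pcap_build_index`, `pcap_read_record`, `struct rec_pos` and `make_sample` are hypothetical, and the code assumes the classic pcap format (not pcapng).

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FILE_HDR 24  /* pcap global header */
#define REC_HDR  16  /* per-record header: ts_sec, ts_usec, caplen, len (4 bytes each) */
#define SWAP32(v) (((v) >> 24) | (((v) >> 8) & 0xff00u) | (((v) << 8) & 0xff0000u) | ((v) << 24))

struct rec_pos { long off; uint32_t caplen; };  /* off = start of the record header */

/* One pass over the record headers only. Fills idx[0..max) and returns the
 * number of records indexed, or -1 if f is not a classic pcap savefile. */
long pcap_build_index(FILE *f, struct rec_pos *idx, size_t max) {
    uint32_t hdr[FILE_HDR / 4], rec[REC_HDR / 4];
    long off = FILE_HDR, n = 0;
    int swapped;

    if (fseek(f, 0, SEEK_SET) || fread(hdr, 1, sizeof hdr, f) != sizeof hdr) return -1;
    swapped = (hdr[0] == 0xd4c3b2a1u || hdr[0] == 0x4d3cb2a1u);  /* other-endian writer */
    if (!swapped && hdr[0] != 0xa1b2c3d4u && hdr[0] != 0xa1b23c4du) return -1;
    while ((size_t)n < max && !fseek(f, off, SEEK_SET)
           && fread(rec, 1, sizeof rec, f) == sizeof rec) {
        uint32_t caplen = swapped ? SWAP32(rec[2]) : rec[2];
        idx[n].off = off;
        idx[n++].caplen = caplen;
        off += REC_HDR + (long)caplen;  /* on-disk record = 16-byte header + captured bytes */
    }
    return n;
}

/* Fetch the captured bytes of one indexed record with a single seek. */
long pcap_read_record(FILE *f, const struct rec_pos *p, unsigned char *buf, size_t len) {
    if (p->caplen > len || fseek(f, p->off + REC_HDR, SEEK_SET)) return -1;
    return fread(buf, 1, p->caplen, f) == p->caplen ? (long)p->caplen : -1;
}

/* Constructed sample: native-endian savefile holding records of 4, 10 and 6 bytes. */
FILE *make_sample(void) {
    const uint32_t hdr[6] = { 0xa1b2c3d4u, 0x00040002u, 0, 0, 65535, 1 }, lens[3] = { 4, 10, 6 };
    unsigned char data[10];
    FILE *f = tmpfile();
    if (f) fwrite(hdr, 1, sizeof hdr, f);
    for (int i = 0; f && i < 3; i++) {
        uint32_t rec[4] = { 0, 0, lens[i], lens[i] };
        memset(data, 'A' + i, lens[i]);
        fwrite(rec, 1, sizeof rec, f);
        fwrite(data, 1, lens[i], f);
    }
    return f;
}
```

A record whose data is cut short at end of file is still indexed, and `pcap_read_record` returns -1 for it.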