On Mon, Oct 29, 2001 at 07:14:10PM -0000, [EMAIL PROTECTED] wrote:
> I want packets in form of the ip packet structure ( or other protocoles)
> but libpcap gives packets in form of string of bytes. Is there any program
> (or library) that convert output of libpcap to defined structures or myself
> should write code for it ?
You'd have to write code for it yourself.
Michael Richardson has been working on making a library out of tcpdump,
but it hasn't been released as a library yet.
You might want to look at how tcpdump looks at packets (it's a bit of a
complicated process; it first has to look at the link-layer header, to
see what type of packet it is, and then it looks at the next header
after that, but which header that is - ARP, IPv4, IPv6, etc. - depends
on the packet type, and then it has to look at the headers for the
protocol that's running on top of that protocol, if any, and so on).
The tutorial I mentioned in my previous release has a page on that:
http://www.cse.nau.edu/~mc8/Socket/Tutorials/section4.html
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe
