On Wed, Feb 21, 2001 at 04:30:08PM -0800, Uros Prestor wrote:
> I have a simulation setup where one process acts as a network
> sniffer/spoofer and the clients connect to it via TCP connections. In
> order to debug it, I needed a client which would attach to the
> sniffer/spoofer, read the Ethernet traffic over TCP and write it out in
> the archive format suitable for `tcpdump -r'. As it is, libpcap accepts
> only two kinds of input: live captures and stored archive files.
Actually, it also accepts one other type of input: the standard input.
I.e., if you open "-" with "pcap_open_offline()", it'll read from the
standard input, which could be a pipe.
Can your sniffer/spoofer write out the traffic in libpcap format to the
client connection?
If so, then another solution might be to have
pcap_t pcap_fdopen(int fd, char *ebuf);
which works like "pcap_open_offline()" except that, instead of opening a
file with "fopen()", or just using "stdin" if the file name is "-", it'd
do an "fdopen()".
If that could be made to work, it'd require fewer code changes, and no
callback routine for reading the packets.
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe
