Guy Harris wrote:
> Actually, it also accepts one other type of input: the standard input.
>
> I.e., if you open "-" with "pcap_open_offline()", it'll read from the
> standard input, which could be a pipe.
>
> Can your sniffer/spoofer write out the traffic in libpcap format to the
> client connection?
The sniffer/spoofer only accepts TCP connections; my client connects to the
sniffer/spoofer via TCP and then dumps the packets received from the
sniffer/spoofer on stdout which is then piped into tcpdump. The problem of
converting the sniffer/spoofer to dump on stdout directly is that it can
listen on more than one interface. When the client connects to it it needs
to specify which interface it wants to listen to. Therefore, to capture
packet streams on two interfaces managed by the sniffer/spoofer I need to run
two clients and pipe each client's output into tcpdump separately. I agree
that your proposed pcap_fdopen() would result in less changes to libpcap;
however, it would not work for me because my sniffer/spoofer needs to run as
a daemon.
Uros
--
Uros Prestor
[EMAIL PROTECTED]
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe
