tcpdump mailing list archives

Re: Using the decoders in other applications?


From: Christian Kreibich <christian () whoop org>
Date: 14 Jan 2004 12:47:54 +0000

Hi Aaron,

On Tue, 2004-01-13 at 19:29, Aaron Turner wrote:
> Hey everyone,
>
> I'm sure many of you are somewhat familiar with tcpreplay which I
> currently maintain (http://tcpreplay.sf.net for those of you not).
> Lately I've received a few requests to add support for decoding of
> packets to STDOUT as they are sent on the wire.
>
> Obviously, I have no wish to reinvent the wheel, and I immediately
> started looking at figuring out a way to optionally link, include, etc
> the tcpdump code.
>
> Turns out that this appears to be a lot more complicated than I had
> hoped.  So I figured I'd email the list and try to find out:
>
> 1) If anyone has done something like this before and had some
> suggestions?
>
> 2) If any plans have been made to modularize/librarize the code so that
> the decoders could be used in other applications without declaring a
> bunch of global variables?
>
> 3) If someone has a better idea of how to accomplish the above goal.

you might find libnetdude helpful, the packet editing backend of the
Netdude tracefile editor. The library can talk to a tcpdump process via
ipc, giving you tcpdump output for individual packet data. Here's the
tcpdump equivalent, using libnetdude:

----
#include <stdio.h>
#include <stdlib.h>
#include <libnd.h>

int
main(int argn, char **argv)
{
  LND_Trace          *trace;
  LND_PacketIterator  pit;
  char line[4096];

  /* argv[1] is used below, so require a tracefile argument: */
  if (argn < 2)
    {
      printf("Usage: %s <tracefile>\n", argv[0]);
      exit(-1);
    }

  libnd_init();

  /* Open a tracefile: */
  if (! (trace = libnd_trace_new(argv[1])))
    {
      printf("Could not open %s\n", argv[1]);
      exit(-1);
    }

  /* Walk every packet and print the tcpdump line for it: */
  for (libnd_pit_init(&pit, trace); libnd_pit_get(&pit);
       libnd_pit_next(&pit))
    {
      libnd_tcpdump_get_packet_line(libnd_pit_get(&pit), line, FALSE);
      printf("%s\n", line);
    }

  return 0;
}
----

You can also initialize packets from raw data, which sounds more like
what you'd need. Details on http://netdude.sf.net ...

Hope this helps,
Christian.
-- 
________________________________________________________________________
                                          http://www.cl.cam.ac.uk/~cpk25
                                                    http://www.whoop.org

-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe
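
The message above says libnetdude obtains decoded lines by talking to a tcpdump process over IPC. The following is an added illustration of that general approach, not libnetdude's code and not part of the original thread: it wraps one raw packet in a minimal pcap stream and pipes it through `tcpdump -n -r -`. The helper names `pcap_wrap` and `tcpdump_line` are hypothetical, and a `tcpdump` binary on PATH is assumed.

```c
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Wrap one raw packet as a pcap stream in host byte order: 24-byte file
 * header, 16-byte record header, data. Returns its size, 0 if out is too small. */
size_t pcap_wrap(const uint8_t *pkt, uint32_t len, uint32_t linktype,
                 uint8_t *out, size_t outsz)
{
  uint32_t magic = 0xa1b2c3d4, rest[4] = { 0, 0, 65535, linktype };
  uint16_t ver[2] = { 2, 4 };             /* pcap file format 2.4 */
  uint32_t rec[4] = { 0, 0, len, len };   /* ts_sec, ts_usec, caplen, len */
  if (outsz < 40 || len > outsz - 40) return 0;
  memcpy(out, &magic, 4);    memcpy(out + 4, ver, 4);
  memcpy(out + 8, rest, 16); memcpy(out + 24, rec, 16);
  memcpy(out + 40, pkt, len);
  return 40 + (size_t)len;
}

/* Decode one packet in a child "tcpdump -n -r -" (assumed to be on PATH).
 * Returns 0 with the decoded text in line, -1 on any failure. */
int tcpdump_line(const uint8_t *pkt, uint32_t len, uint32_t linktype,
                 char *line, size_t linesz)
{
  uint8_t buf[2048]; int to[2], from[2], ok;
  size_t n = pcap_wrap(pkt, len, linktype, buf, sizeof buf);
  pid_t pid; FILE *fp;
  if (n == 0 || pipe(to) != 0) return -1;
  if (pipe(from) != 0) { close(to[0]); close(to[1]); return -1; }
  signal(SIGPIPE, SIG_IGN);   /* process-wide: a dead child must not kill us */
  if ((pid = fork()) == 0) {
    dup2(to[0], 0); dup2(from[1], 1);
    close(to[0]); close(to[1]); close(from[0]); close(from[1]);
    execlp("tcpdump", "tcpdump", "-n", "-r", "-", (char *)NULL);
    _exit(127);
  }
  close(to[0]); close(from[1]);
  ok = pid > 0 && write(to[1], buf, n) == (ssize_t)n;
  close(to[1]);               /* EOF tells tcpdump the capture is complete */
  fp = fdopen(from[0], "r");
  ok = ok && fp && fgets(line, (int)linesz, fp) != NULL;
  if (fp) fclose(fp); else close(from[0]);
  if (pid > 0) waitpid(pid, NULL, 0);
  if (ok) line[strcspn(line, "\n")] = '\0';
  return ok ? 0 : -1;
}
```

Pass link type 1 for Ethernet frames (DLT_EN10MB). Because the decoding happens in the child, a decoder fault on a malformed packet ends that process rather than the caller.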

