tcpdump mailing list archives

Can I be able to use Libpcap for capturing packets on Unix socket by the following way described in the body of the mail


From: <santosh.soule () wipro com>
Date: Mon, 13 Mar 2006 11:52:22 +0530


In case the mail below didn't reach the list...so posting again...I need your
input guys...It's very urgent...

Hi,

I need a clarification regarding the Libpcap library. What I am doing is,
instead of writing the packets onto the Ethernet interface, I am writing
them onto the Unix socket.
I am using the Libnet library for building and injecting the packets. I have
modified the Libnet library to support Unix sockets. For capturing
the packets on Unix sockets I am thinking of using the Libpcap library.

The idea is somewhat like this:
The application is a kind of client and server concept, both running on
the same machine, and the communication between them will be happening
through Unix sockets. I will build the packet and write it onto the
Unix socket. The server application will send the reply to the Unix
socket (basically a file). Yes, I know two processes cannot write to
the same file at the same time. So for this I will be using semaphores (or some
locking mechanism). Now I have my data in the file (which is nothing but
the raw packet).

Basically, when using libpcap what we do is call "pcap_open_live()" to
obtain a packet descriptor to look at packets on the network. It takes
an argument "device", which is a string that specifies the network device
to open. And then a call to "pcap_dump_open(pcap_t *p, const char
*fname)" is made to open a "savefile" for writing, where "p" is the pcap
struct returned by "pcap_open_live()" and "fname" specifies the name of
the file to open.

But in my case (i.e. Unix socket), I already have the file, which is in
the "tcpdump" format. And instead of using "pcap_open_live()", I will
use "pcap_open_offline(const char *fname, char *errbuf)", which will
give me the pcap handle as the return value. This pcap handle I will use for
further processing.

The thing is, basically pcap also uses the tcpdump format only. Pcap can
interpret the tcpdump format. And the file to which I will be redirecting
the output will have the data as the raw packet, which won't be a problem
for pcap to interpret. This is my understanding.

I want your comments on this. Is it OK, or is there any problem? If there
is, then what can it be? Please give me your valuable
inputs.

Regards,
Santosh
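
Added example (not part of the original message, and not libpcap's own code): pcap_open_offline() expects a savefile, meaning a 24-byte file header followed by a 16-byte record header in front of each packet, so packet bytes written to a file on their own are not readable as one. The C sketch below uses hypothetical helper names and a constructed frame, writes that frame both ways, and applies the header check that tells them apart; it assumes files in the host's byte order.

```c
/* Added example: minimal pcap savefile writer/reader, no libpcap needed. */
#include <stdint.h>
#include <stdio.h>

#define PCAP_MAGIC 0xa1b2c3d4u  /* microsecond savefile, host byte order only */
#define DLT_EN10MB 1            /* link-layer type: Ethernet */

struct file_hdr { uint32_t magic; uint16_t vmajor, vminor; int32_t thiszone;
                  uint32_t sigfigs, snaplen, linktype; };   /* 24 bytes on disk */
struct rec_hdr  { uint32_t ts_sec, ts_usec, caplen, len; }; /* 16 bytes on disk */

/* Write packet bytes only: what a file holds when frames are dumped unframed. */
int write_raw(const char *path, const uint8_t *pkt, uint32_t n) {
    FILE *f = fopen(path, "wb");
    if (!f) return -1;
    int ok = fwrite(pkt, 1, n, f) == n;
    return fclose(f) == 0 && ok ? 0 : -1;
}

/* Write the same packet as a one-record savefile (version 2.4). */
int write_savefile(const char *path, const uint8_t *pkt, uint32_t n) {
    struct file_hdr fh = { PCAP_MAGIC, 2, 4, 0, 0, 65535, DLT_EN10MB };
    struct rec_hdr rh = { 0, 0, n, n };  /* constructed timestamp 0.0 */
    FILE *f = fopen(path, "wb");
    if (!f) return -1;
    int ok = fwrite(&fh, sizeof fh, 1, f) == 1 && fwrite(&rh, sizeof rh, 1, f) == 1
          && fwrite(pkt, 1, n, f) == n;
    return fclose(f) == 0 && ok ? 0 : -1;
}

/* Return the record count, -1 if the file is not a savefile, or -2 if a
 * record's length is implausible or its packet data is truncated. */
int count_records(const char *path) {
    struct file_hdr fh; struct rec_hdr rh; uint8_t buf[65535]; int count = 0;
    FILE *f = fopen(path, "rb");
    if (!f) return -1;
    if (fread(&fh, sizeof fh, 1, f) != 1 || fh.magic != PCAP_MAGIC) {
        fclose(f); return -1;            /* no file header: raw bytes, not pcap */
    }
    while (fread(&rh, sizeof rh, 1, f) == 1) {
        /* Never trust caplen from the file: bound it before reading into buf. */
        if (rh.caplen > fh.snaplen || rh.caplen > sizeof buf ||
            fread(buf, 1, rh.caplen, f) != rh.caplen) { fclose(f); return -2; }
        count++;
    }
    fclose(f);
    return count;
}
```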



This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.

