Re: Capturing packets content using libpcap

[Shameem Ahamed <shameem.ahamed () hotmail com>]

Yes, you can do it.

Remove all the headers, ethernet, network and tcp headers, and then take the payload.  Payload contains all the 
remaining data.

Regards,
Shameem

> Date: Mon, 20 Apr 2009 11:45:43 +0700
> From: dachuy () gmail com
> To: tcpdump-workers () lists tcpdump org
> Subject: [tcpdump-workers] Capturing packets content using libpcap
>
> Hi everybody,
> Currently I'm using libpcap to develop a sniffing tool. I've read some 
> tutorials and I can get the packet header, is it possible to capture the 
> plain-text content using libpcap also ? ( like http request content ... )
> I've tried to search on Google, looked at the documentation of tcpdump 
> and wireshark but found nothing.
>
> One thing I found from google is that libpcap only captures 2% packets 
> of network, i'm wondering how can wireshark and tcpdump capture 
> everything while they're still using lipbcap.
> -
> This is the tcpdump-workers list.
> Visit https://cod.sandelman.ca/ to unsubscribe.

_________________________________________________________________
Windows Live Messenger. Multitasking at its finest.
http://www.microsoft.com/india/windows/windowslive/messenger.aspx-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.