tcpdump mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Packet captured with PCAP

From: "Mustafa Abu Sedera" <tifa_80 () hotmail com>
Date: Thu, 13 Mar 2003 15:55:21 +0000







I begin to work with pcap and I have some problem. I would only see packet
contents on my screen. First I called pcap_loop like this...

pcap_loop(handle,-1,traitement_pkt,NULL);

/*My callback function is*/

void traitement_pkt(u_char *args, const struct pcap_pkthdr *header, const
u_char *packet)
{
  printf("Voici le paquet capture via pcap_loop\n%s\n",packet);
}


I had the same problem in the beginning but then i concluded this:
the packet is not stored as a NULL terminated string, it is stored as an array of chars. each char contains one byte of the received packet. the reason for this i think is that the packet may contain bytes with the value 0x00 which would be understood as a string termination although the packet contains more bytes after it. in your case probably the packet contained a 0x00 as the first byte so printf() thinks that it is an empty string. 
any way, print the contents of packet like this:

for(i=0; i<header->caplen; i++)
{
printf("%.2x ",packet[i]);//prints the char(byte) in hex format- //2 digits then space 
   if((i+1)%20==0)printf("\n");//every 20 bytes start a new line
}



Another question, where can I see archives from Jan and Feb 2003? The
following link stop at December 2002:
http://www.tcpdump.org/lists/workers/


please tell me when you know where.
by the way, i found a very good documentation about pcap library at the winpcap site(you can find it through tcpdump.org) . download the developer pack. this will contain any information you will EVER need about pcap. 

good luck and if you need anything let me know

_________________________________________________________________
Tired of spam? Get advanced junk mail protection with MSN 8. http://join.msn.com/?page=features/junkmail 

-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe
Previous By Date Next
Previous By Thread Next

Current thread: