tcpdump mailing list archives

Re: Packet captured with PCAP


From: "Jacky Buyck" <jacky.buyck () wanadoo fr>
Date: Wed, 12 Mar 2003 22:28:08 +0100

Hi.
    Be careful. The fact that the parameter is passed as a u_char doesn't
indicate that it will contain a displayable string.
    u_char only specifies the way data is stored. Here it is referred to as
a byte. In this case, if you try to display this data directly you'll have
some trouble.

    TCP Mailing can correct me if I'm wrong.

JB.


----- Original Message -----
From: "Marc-André Breton" <marc.andre.breton () lagrit etsmtl ca>
To: <tcpdump-workers () tcpdump org>
Sent: Wednesday, March 12, 2003 9:47 PM
Subject: [tcpdump-workers] Packet captured with PCAP


Hi all,

I am beginning to work with pcap and I have some problems. I would only like
to see packet contents on my screen. First I called pcap_loop like this...

pcap_loop(handle,-1,traitement_pkt,NULL);

/*My callback function is*/

void traitement_pkt(u_char *args, const struct pcap_pkthdr *header,
                    const u_char *packet)
{
  printf("Voici le paquet capture via pcap_loop\n%s\n",packet);
}

In the pcap tutorial (http://www.tcpdump.org/pcap.htm) it is written: "Then
they simply create a u_char string and stuff the structures into it." ...
"Basically, all that has happened when pcap stuffed these structures into a
u_char is that all of the data contained within them was put in a string,
and that string was sent to our callback. "

If I understand correctly, the packet passed to my callback function (const
u_char *packet) is in string format. So I don't understand why my callback
function didn't show this string. It shows me "Voici le paquet capture via
pcap_loop" and that's all!?

In my future program, I would like my callback function to search for a
specific string inside this packet string.

Is there someone who can help me please??

Another question: where can I see the archives from Jan and Feb 2003? The
following link stops at December 2002:
http://www.tcpdump.org/lists/workers/

Thanks for your help!
Marc-Andre
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use
mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe
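
Added example, not part of the original thread and not libpcap code: packet data is a length-delimited byte buffer, so printing and searching must be bounded by the captured length (header->caplen in a pcap callback) rather than by a NUL terminator. The names find_bytes, printable_copy and sample_pkt are hypothetical, and the sample bytes are constructed.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Bounded search: offset of pat inside buf[0..len), or -1 if absent.
   Never reads past len and does not stop at NUL bytes, unlike strstr(). */
long find_bytes(const unsigned char *buf, size_t len,
                const unsigned char *pat, size_t patlen)
{
    if (patlen == 0 || patlen > len)
        return -1;
    for (size_t i = 0; i + patlen <= len; i++)
        if (memcmp(buf + i, pat, patlen) == 0)
            return (long)i;
    return -1;
}

/* Copy buf into out as displayable text, replacing every non-printable
   byte with '.'. Output is always NUL-terminated; returns bytes rendered. */
size_t printable_copy(const unsigned char *buf, size_t len,
                      char *out, size_t outsz)
{
    size_t n = 0;
    if (outsz == 0)
        return 0;
    while (n < len && n + 1 < outsz) {
        out[n] = isprint(buf[n]) ? (char)buf[n] : '.';
        n++;
    }
    out[n] = '\0';
    return n;
}

/* Constructed sample: 4 binary bytes (the first is NUL), then ASCII. */
static const unsigned char sample_pkt[] =
    { 0x00, 0x0c, 0x1f, 0xff, 'G', 'E', 'T', ' ', '/', 0x0d, 0x0a };

int main(void)
{
    char line[64];
    /* In a pcap callback, pass packet and header->caplen instead. */
    printable_copy(sample_pkt, sizeof sample_pkt, line, sizeof line);
    printf("%s\n", line);
    printf("\"GET\" found at offset %ld\n",
           find_bytes(sample_pkt, sizeof sample_pkt,
                      (const unsigned char *)"GET", 3));
    /* %s would print nothing here: the first byte is already NUL. */
    printf("strlen() sees %zu bytes\n", strlen((const char *)sample_pkt));
    return 0;
}
```
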
