tcpdump mailing list archives
Re: regarding arp and rarp
From: "Richard Hansen" <pcap-ri () scientician org>
Date: Mon, 26 Jun 2006 18:56:37 -0400
Guy Harris <guy () alum mit edu> wrote:
On Jun 26, 2006, at 12:03 PM, lalani () cs fsu edu wrote:I am trying to disect ARP/RARP packet. Basically I am looking for this information: Operation code, Sender HW address, Sender Protocol address, Destination HW address and Destination Protocol address. Is there a direct way using pcap to get that information.You can use libpcap to get the raw contents of packets, including ARP/ RARP packets. You can't use libpcap to dissect ARP/RARP packets - or any other type of packets; it doesn't include any code to dissect packets. You either have to write your own code to dissect them, or use some existing code to dissect them (for example, you could copy the code in tcpdump and modify it as necessary).
Although I haven't tried it out, libnet (http://www.packetfactory.net/libnet/) looks like it can dissect ARP (along with a bunch of other protocols). Hope this helps, Richard - This is the tcpdump-workers list. Visit https://lists.sandelman.ca/ to unsubscribe.
Current thread:
- regarding arp and rarp lalani (Jun 26)
- Re: regarding arp and rarp Guy Harris (Jun 26)
- Re: regarding arp and rarp Richard Hansen (Jun 26)
- Re: regarding arp and rarp Ian McDonald (Jun 26)
- Re: regarding arp and rarp Richard Hansen (Jun 26)
- Re: regarding arp and rarp Guy Harris (Jun 26)