tcpdump mailing list archives

Re: reading .cap files


From: Aaron Turner <synfinatic () gmail com>
Date: Tue, 12 May 2009 07:49:27 -0700

On Tue, May 12, 2009 at 1:32 AM, Andrej van der Zee
<andrejvanderzee () gmail com> wrote:
> Hi,
>
> Sorry if it has been asked before.
>
> I need to read .cap files produced by tcpdump from C/C++. More specifically, I
> need to read the timestamp, the protocol, the number of bytes of the package
> (including the data) and the destination IP of each package in .cap. My
> questions are:
>
> * I have no control over the version of tcpdump that is being used for the
> generation of .cap files. Do I have to write different code for many
> versions of tcpdump?

Nope.

> * What library can I use?

libpcap (or winpcap under Windows).  You will need to decode the
packet yourself to get the IP address information though.

-- 
Aaron Turner
http://synfin.net/
http://tcpreplay.synfin.net/ - Pcap editing and replay tools for Unix & Windows
Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety.
    -- Benjamin Franklin
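
An added example, not part of the original message: the "decode the packet yourself" step for the fields the question asks about, written as a function you would call from a libpcap callback (`pcap_open_offline()` plus `pcap_loop()`), where the timestamp and on-wire size come from the `pcap_pkthdr` fields `ts` and `len`. It assumes an Ethernet link type (DLT_EN10MB) and IPv4 only; `decode_ipv4`, `struct ip_info` and the sample frame are hypothetical names and constructed data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Fields from the question that live inside the packet bytes. */
struct ip_info { uint8_t proto; uint16_t ip_len; char dst[16]; };

/* Decode one Ethernet (DLT_EN10MB) frame carrying IPv4.
 * pkt and caplen are what a libpcap callback receives as the packet
 * bytes and h->caplen. Every read is checked against caplen because a
 * capture taken with a short snaplen holds fewer bytes than h->len.
 * Returns 0 on success, -1 if the frame is not IPv4 or is truncated. */
int decode_ipv4(const uint8_t *pkt, size_t caplen, struct ip_info *out)
{
    size_t off = 12;                         /* skip dst MAC + src MAC */
    if (caplen < off + 2) return -1;
    uint16_t etype = (uint16_t)(pkt[off] << 8 | pkt[off + 1]);
    if (etype == 0x8100) {                   /* one 802.1Q VLAN tag */
        off += 4;
        if (caplen < off + 2) return -1;
        etype = (uint16_t)(pkt[off] << 8 | pkt[off + 1]);
    }
    off += 2;
    if (etype != 0x0800) return -1;          /* not IPv4 */
    if (caplen < off + 20) return -1;        /* header cut off by snaplen */
    const uint8_t *ip = pkt + off;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4; /* header length in bytes */
    if ((ip[0] >> 4) != 4 || ihl < 20 || caplen < off + ihl) return -1;
    out->ip_len = (uint16_t)(ip[2] << 8 | ip[3]);  /* IP total length */
    out->proto = ip[9];                      /* 6 = TCP, 17 = UDP, 1 = ICMP */
    snprintf(out->dst, sizeof out->dst, "%u.%u.%u.%u",
             ip[16], ip[17], ip[18], ip[19]);
    return 0;
}

/* Constructed sample: Ethernet + IPv4 header only, UDP, 10.0.0.1 -> 192.0.2.7 */
static const uint8_t sample[] = {
    0x02,0,0,0,0,0x02, 0x02,0,0,0,0,0x01, 0x08,0x00,
    0x45,0x00,0x00,0x1c, 0x00,0x01,0x00,0x00, 0x40,0x11,0x00,0x00,
    10,0,0,1, 192,0,2,7 };

int main(void)
{
    struct ip_info i;
    if (decode_ipv4(sample, sizeof sample, &i) == 0)
        printf("proto=%u ip_len=%u dst=%s\n", i.proto, i.ip_len, i.dst);
    return 0;
}
```

In a real reader, check `pcap_datalink()` first: captures from loopback, Linux "any" or Wi-Fi monitor interfaces use other link-layer headers and need a different starting offset.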