Re: Writing pcap files with fake headers?

[Michael Richardson <mcr () sandelman ca>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


> > > > > "Roy" == Roy Smith <roy () panix com> writes:
    Roy> I've got an application which listens for UDP (SNMP) data.  We
    Roy> want to add a logging feature where every UDP packet that's
    Roy> received is stored for future analysis.  The obvious file
    Roy> format is pcap.  It's simple and lets us take advantage of lots
    Roy> of existing pcap-aware tools.  The problem is we don't have all
    Roy> the data to write out the normal packet contents that would be
    Roy> in a pcap file.

I had the same issue.  I did what you did.
I also wanted to read packets (for testing purposes) from pcap saved
files and play them back in a unit test. 

http://github.com/mcr/unstrung/blob/master/testing/unit/recv-01/recv-01.cpp

is the result.

- -- 
]       He who is tired of Weird Al is tired of life!           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr () sandelman ottawa on ca http://www.sandelman.ottawa.on.ca/ |device driver[
   Kyoto Plus: watch the video <http://www.youtube.com/watch?v=kzx1ycLXQSE>
                       then sign the petition. 
    
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Finger me for keys

iQEVAwUBS7xqyoCLcPvd0N1lAQJq3Qf/UYQGwhU1muAtrz2+R5msQU8OGUDWjb9p
nTWaKuZcDXfYjT5Ujks413UDjzjNkaPkP6CK/wmilj9seCd0Aik+ZQfrz1CTmhDI
8UUgcfZBWy2/itdzCjX7udzB3N0z/ulgXzVery32v+lGiqaxWRne2cbzqkJmnpGp
8fmHMndrxZIeYDEl3EIMH8fKxDKvVlXzQmIBK4JKY+fn6gDJ83TGGaq7AU3juYvC
eLe/sJ7lGZfy84gC+wnVd2mGpv9WmLjKBAhLf8B6fmSUx3IhPN2Ri8u7p+zx7584
SekU4OJ1iQ5PAEuAEC1tk7MP9wpm2SBN/yVjg8ByCOjeugVbKGlhYQ==
=iTPo
-----END PGP SIGNATURE-----
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.