Re: regarding arp and rarp

["Ian McDonald" <ian.mcdonald () jandi co nz>]

On 6/27/06, Richard Hansen <pcap-ri () scientician org> wrote:
> Guy Harris <guy () alum mit edu> wrote:
> > On Jun 26, 2006, at 12:03 PM, lalani () cs fsu edu wrote:
> >
> >>  I am trying to disect ARP/RARP packet.
> >>  Basically I am looking for this information: Operation code,
> >> Sender HW address, Sender Protocol address, Destination HW address
> >> and Destination Protocol address.
> >>  Is there a direct way using pcap to get that information.
> >
> > You can use libpcap to get the raw contents of packets,
> > including ARP/
> > RARP packets.
> >
> > You can't use libpcap to dissect ARP/RARP packets - or any
> > other type
> > of packets; it doesn't include any code to dissect packets.  You
> > either have to write your own code to dissect them, or use some
> > existing code to dissect them (for example, you could copy the code
> > in tcpdump and modify it as necessary).
>
> Although I haven't tried it out, libnet (http://www.packetfactory.net/libnet/) looks like it can dissect ARP (along 
> with a bunch of other protocols).
>
> Hope this helps,
> Richard
>
>
> -
As does libtrace:
http://research.wand.net.nz/software/libtrace.php

--
Ian McDonald
Web: http://wand.net.nz/~iam4
Blog: http://imcdnzl.blogspot.com
WAND Network Research Group
Department of Computer Science
University of Waikato
New Zealand
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.