tcpdump mailing list archives
Re: regarding arp and rarp
From: "Ian McDonald" <ian.mcdonald () jandi co nz>
Date: Tue, 27 Jun 2006 12:08:26 +1200
On 6/27/06, Richard Hansen <pcap-ri () scientician org> wrote:
Guy Harris <guy () alum mit edu> wrote: > On Jun 26, 2006, at 12:03 PM, lalani () cs fsu edu wrote: > >> I am trying to disect ARP/RARP packet. >> Basically I am looking for this information: Operation code, >> Sender HW address, Sender Protocol address, Destination HW address >> and Destination Protocol address. >> Is there a direct way using pcap to get that information. > > You can use libpcap to get the raw contents of packets, > including ARP/ > RARP packets. > > You can't use libpcap to dissect ARP/RARP packets - or any > other type > of packets; it doesn't include any code to dissect packets. You > either have to write your own code to dissect them, or use some > existing code to dissect them (for example, you could copy the code > in tcpdump and modify it as necessary). Although I haven't tried it out, libnet (http://www.packetfactory.net/libnet/) looks like it can dissect ARP (along with a bunch of other protocols). Hope this helps, Richard -
As does libtrace: http://research.wand.net.nz/software/libtrace.php -- Ian McDonald Web: http://wand.net.nz/~iam4 Blog: http://imcdnzl.blogspot.com WAND Network Research Group Department of Computer Science University of Waikato New Zealand - This is the tcpdump-workers list. Visit https://lists.sandelman.ca/ to unsubscribe.
Current thread:
- regarding arp and rarp lalani (Jun 26)
- Re: regarding arp and rarp Guy Harris (Jun 26)
- Re: regarding arp and rarp Richard Hansen (Jun 26)
- Re: regarding arp and rarp Ian McDonald (Jun 26)
- Re: regarding arp and rarp Richard Hansen (Jun 26)
- Re: regarding arp and rarp Guy Harris (Jun 26)