Re: packets direct access

["Aaron Turner" <synfinatic () gmail com>]

Look at libpcapnav: http://netdude.sourceforge.net/

On Fri, Feb 29, 2008 at 4:18 AM, Giovanni Venturi <giovanni () ksniffer org> wrote:
> Hello,
>  I'm new in this list. I wrote a sniffer using libpcap but I've got some
>  questions. I'd like to access directly to the packets number N in the dump
>  file. How can I do without start form the first packet and go on sequentially
>  till the N packet? I ask you this becase If I've got a file with 100'000
>  packets and I want to display the information of the 99'000th packet, if read
>  sequentially packet after packet, this operation can also to last 2-3 minutes
>  or more.
>  I was thinking to store in a vector the lenght of each packets, so adding the
>  lenghts of the first 89999 packets I can know that the data is contained
>  after the SUM bytes, so I can do a seek into the dumped file, but there are 2
>  problems to do this:
>   1. when I save a pcap packet in a dump file it is bigger that its real lenght
>  (so I can't predict if a packet is of D bytes how many bytes will fill in the
>  file);
>   2. how can I access directly to the packet starting from the byte SUM in the
>  dump file? (a seek on the dumped file)... I found no function that do this in
>  the libpcap code.
>
>  Does someone can give me some hints?
>  Giovanni


-- 
Aaron Turner
http://synfin.net/
http://tcpreplay.synfin.net/ - Pcap editing & replay tools for Unix
They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety.  -- Benjamin Franklin
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.