tcpdump mailing list archives
Re: reading .cap files
From: Aaron Turner <synfinatic () gmail com>
Date: Tue, 12 May 2009 07:49:27 -0700
On Tue, May 12, 2009 at 1:32 AM, Andrej van der Zee <andrejvanderzee () gmail com> wrote:
> Hi,
>
> Sorry if it has been asked before. I need to read .cap files produced by tcpdump from C/C++. More specifically, I need to read the timestamp, the protocol, the number of bytes of the package (including the data) and the destination IP of each package in .cap.
>
> My questions are:
>
> * I have no control over the version of tcpdump that is being used for the generation of .cap files. Do I have to write different code for many versions of tcpdump?

Nope.

> * What library can I use?

libpcap (or winpcap under Windows). You will need to decode the packet yourself to get the IP address information though.

--
Aaron Turner
http://synfin.net/
http://tcpreplay.synfin.net/ - Pcap editing and replay tools for Unix & Windows
Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. -- Benjamin Franklin

-
This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
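The "decode the packet yourself" step from the reply above, as an added example that is not part of the original thread. It assumes an Ethernet capture (`pcap_datalink()` returns `DLT_EN10MB`) carrying IPv4; the timestamp and on-wire size come from the `ts` and `len` fields of the `struct pcap_pkthdr` that `pcap_next_ex()` returns alongside the packet bytes. The names `decode_ipv4`, `ipv4_info` and `sample_frame` are hypothetical, and the sample frame is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct ipv4_info {
    uint8_t  protocol;   /* IP protocol number: 1 = ICMP, 6 = TCP, 17 = UDP */
    uint16_t total_len;  /* IPv4 total length (header + data), host order */
    char     dst[16];    /* dotted-quad destination address */
};

/* Constructed sample: Ethernet II + 20-byte IPv4 header, TCP to 192.0.2.10. */
static const uint8_t sample_frame[34] = {
    0x00,0x00,0x5e,0x00,0x53,0x01, 0x00,0x00,0x5e,0x00,0x53,0x02, 0x08,0x00,
    0x45,0x00,0x00,0x28, 0x00,0x01,0x00,0x00, 0x40,0x06,0x00,0x00,
    198,51,100,7, 192,0,2,10
};

/* Decode one DLT_EN10MB frame. caplen is the number of bytes actually
 * captured; it can be shorter than the on-wire length when tcpdump used a
 * small snaplen, so every read is checked against it.
 * Returns 0 on success, -1 if truncated, malformed or not IPv4. */
int decode_ipv4(const uint8_t *pkt, size_t caplen, struct ipv4_info *out)
{
    size_t off = 14;                         /* two MACs + EtherType */
    memset(out, 0, sizeof *out);             /* no stale data on failure */
    if (caplen < off)
        return -1;
    unsigned ethertype = (unsigned)((pkt[12] << 8) | pkt[13]);
    if (ethertype == 0x8100) {               /* one 802.1Q VLAN tag */
        if (caplen < off + 4)
            return -1;
        ethertype = (unsigned)((pkt[16] << 8) | pkt[17]);
        off += 4;
    }
    if (ethertype != 0x0800 || caplen < off + 20)
        return -1;                           /* not IPv4, or header cut off */
    const uint8_t *ip = pkt + off;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4; /* header length in bytes */
    if ((ip[0] >> 4) != 4 || ihl < 20 || caplen < off + ihl)
        return -1;
    out->protocol  = ip[9];
    out->total_len = (uint16_t)((ip[2] << 8) | ip[3]);
    snprintf(out->dst, sizeof out->dst, "%d.%d.%d.%d",
             ip[16], ip[17], ip[18], ip[19]);
    return 0;
}
```

In a libpcap read loop, pass the data pointer and `hdr->caplen` (not `hdr->len`) to the decoder, since only `caplen` bytes are present in the buffer.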