If you're just looking at packet meta-information, any environment
would be good. I would even go as far as suggesting you use a
scripting language, like Perl or Python, that has a libpcap module, to
make your programming easier than having to program "queries" in C.

However, if you're looking at the information in the protocols in the
packet, you would have to either write some minimal protocol
dissectors for your program (not fun), or make use of another program
which dissects these protocols. Depending on your needs, hacking
tcpdump or Ethereal would be the way to go. (There's also Analyzer,
but I don't know the source code well enough to talk about it).

Another way to go is to have tethereal do the dissection for you, and
your query program can read the text or XML output of tethereal, and
then do its analysis.

--gilbert

On Wed, 1 Dec 2004 01:33:13 -0800 (PST), Mina sina <silamsuomi@xxxxxxxxx> wrote:
>
>
> Hi all,
> I want to access the contents of a libpcap file for the purpose of running
> queries of my own interest which are not supported by Ethereal. What can you
> guys suggest for me to do so? What environment will be good for it?
> You can consider it as coming up with new features in Ethereal.
> I am waiting for your valuable guidance.
> Best regards,
> Silam
> Finland
>
>
> _______________________________________________
> Ethereal-dev mailing list
> Ethereal-dev@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/ethereal-dev
>
>
>
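
The first suggestion in the reply above (a script that queries packet meta-information), as an added example that is not part of the original thread: it reads the classic libpcap file format with Python's standard library instead of a libpcap module, and runs two queries over a constructed three-packet capture. The function names and sample values are assumptions made for the illustration.

```python
import io
import struct

# Magic number of a classic libpcap file, as written by little/big-endian hosts.
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}

def read_pcap(stream):
    """Yield (timestamp, caplen, origlen, data) for each packet record."""
    header = stream.read(24)
    if len(header) < 24 or header[:4] not in MAGICS:
        raise ValueError("not a classic libpcap capture file")
    endian = MAGICS[header[:4]]
    # Fields: version major/minor, thiszone, sigfigs, snaplen, link type.
    _maj, _min, _zone, _sig, snaplen, _link = struct.unpack(endian + "HHiIII", header[4:])
    while True:
        rec = stream.read(16)
        if not rec:
            return  # clean end of file
        if len(rec) < 16:
            raise ValueError("truncated record header")
        sec, usec, caplen, origlen = struct.unpack(endian + "IIII", rec)
        # A capture file is untrusted input: bound the length before reading it.
        if caplen > snaplen:
            raise ValueError("record claims more bytes than the snapshot length")
        data = stream.read(caplen)
        if len(data) < caplen:
            raise ValueError("truncated packet data")
        yield sec + usec / 1e6, caplen, origlen, data

def truncated_packets(stream):
    """Query: (index, origlen, caplen) of packets cut short by the snaplen."""
    return [(i, orig, cap)
            for i, (_ts, cap, orig, _data) in enumerate(read_pcap(stream)) if cap < orig]

def total_wire_bytes(stream):
    """Query: bytes seen on the wire, whether or not they were captured."""
    return sum(orig for _ts, _cap, orig, _data in read_pcap(stream))

def build_sample():
    """Constructed capture: 3 packets, snaplen 96, link type 1 (Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 96, 1)
    for sec, origlen in ((1101893593, 60), (1101893594, 1514), (1101893595, 342)):
        data = bytes(min(origlen, 96))  # zero-filled placeholder payload
        out += struct.pack("<IIII", sec, 0, len(data), origlen) + data
    return out

if __name__ == "__main__":
    print(truncated_packets(io.BytesIO(build_sample())))
    print(total_wire_bytes(io.BytesIO(build_sample())))
```

Queries on protocol fields still need a dissector, as the reply says; this reader only reaches the per-packet record headers and raw bytes.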