IMHO for real time, the most appropriate solution for you is snort
(www.snort.org) the IDS. You can set up a rule to trigger off the
packets and use the flexresp system to start your response program.
Since snort does this in real time packet by packet it would likely yield
an easier development path for you.
Ethereal is a great tool... but it is already a large tool and saddling it with
real time filtering response and state seems like overkill.
just my 2c,
--dr
On Wed, 28 Jun 2000, Ben Fowler wrote:
> >Hello. I am working on a project that involves monitoring certain UDP
> >packets, and then responding to those in real time based on the data within
> >them. I came across ethereal and libpcap, but it looks like all the packet
> >data is buffered and then analyzed. Realizing that I need help from the
> >experts, I turn to you for advice.
> >[ ...]
> >
> >What I want to do: look at all UDP packets coming across wire in real
> >time ...
> >If packet data contains such and such, capture this data to a C struct or
> >something, and pass it to my client program for processing.
> >
> >That's pretty much it. i am not sure if ethereal is the tool for this or if
> >libpcap is. If I am completely looking in the wrong direction, please let me
> >know so. I am very new to packet stuff, so sample source or pointers to such
> >would be very much appreciated.
>
> If I were doing this, I would use ethereal and I would make a dissector
> that worked the same as packet-udp.c; this code gets control for
> each UDP packet received - you could do whatever you wanted.
>
> Ben
>
> --
> Leedsnet - The information resource for Leeds and the West Riding
> < URL:http://www.leedsnet.com/mobile/ >
--
dursec.com ltd. / kyx.net - we're from the future http://www.dursec.com