Ethereal-users: Re: [Ethereal-users] help needed

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Gilbert Ramirez <gram@xxxxxxxxxx>
Date: Fri, 2 Feb 2001 15:29:45 -0500

On Sat, Feb 03, 2001 at 12:53:38AM +0530, satty wrote:
> sir,
> 
> We are undergraduate students who as a part of our project have been assigned to develop a network traffic analyser.
> I am using your winpcap. I need to know the source ip address of the incoming data packet. We have been unsuccessful in retrieving the ip address from the data captured. Can you please help us by giving us proper method to find the address.
> 
> Thanking You
> Satish
> &
> Dilip
> sat12@xxxxxxxxxxxxx

Winpcap is not our product; it is a product of Politecnico di Torino, at:
http://netgroup-serv.polito.it/winpcap/

However, what you get from winpcap (or libpcap) is an array of bytes which
represent the data sent on the wire. You have to parse this array of
bytes into the protocols that it represents. If you capture on Ethernet,
then you have to start decoding the array according to the Ethernet protocol
specification. Then another protocol follows, etc. The specifications for most
useful protocols are available as RFCs. One place to find those is at:

http://community.roxen.com/developers/idocs/rfc/

--gilbert
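
The decoding steps described in the reply above, as an added example that is not part of the original message or of Ethereal/WinPcap code: a bounds-checked C routine that walks an Ethernet frame to the IPv4 header and extracts the source address. The function name `ipv4_source`, the helper `be16` and the sample frame are constructed for illustration; the buffer and length stand in for what a capture callback delivers.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_HDR_LEN    14      /* dst MAC (6) + src MAC (6) + EtherType (2) */
#define ETHERTYPE_IPV4 0x0800
#define ETHERTYPE_VLAN 0x8100  /* 802.1Q tag: 4 bytes before the real EtherType */

/* Read a big-endian (network order) 16-bit value. */
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Decode a captured Ethernet frame and write the IPv4 source address in
 * dotted-quad form into out. Returns 0 on success, -1 if the frame is
 * truncated, malformed or not IPv4. Every read is checked against caplen,
 * because captured bytes are untrusted input. */
int ipv4_source(const uint8_t *pkt, size_t caplen, char *out, size_t outlen)
{
    size_t off = ETH_HDR_LEN;
    if (caplen < ETH_HDR_LEN) return -1;
    uint16_t type = be16(pkt + 12);
    if (type == ETHERTYPE_VLAN) {               /* skip one VLAN tag */
        if (caplen < ETH_HDR_LEN + 4) return -1;
        type = be16(pkt + 16);
        off += 4;
    }
    if (type != ETHERTYPE_IPV4) return -1;
    if (caplen - off < 20) return -1;           /* minimum IPv4 header */
    const uint8_t *ip = pkt + off;
    if ((ip[0] >> 4) != 4) return -1;           /* version field */
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;    /* header length in bytes */
    if (ihl < 20 || caplen - off < ihl) return -1;
    int n = snprintf(out, outlen, "%d.%d.%d.%d", ip[12], ip[13], ip[14], ip[15]);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Constructed sample: Ethernet + bare IPv4 header, 192.0.2.1 -> 198.51.100.7
 * (documentation addresses; the IP checksum is left zero and not verified). */
static const uint8_t sample_frame[] = {
    0x00,0x11,0x22,0x33,0x44,0x55, 0x66,0x77,0x88,0x99,0xaa,0xbb, 0x08,0x00,
    0x45,0x00,0x00,0x14, 0x00,0x00,0x00,0x00, 0x40,0x06,0x00,0x00,
    0xc0,0x00,0x02,0x01, 0xc6,0x33,0x64,0x07
};

int main(void)
{
    char src[16] = "";
    if (ipv4_source(sample_frame, sizeof sample_frame, src, sizeof src) == 0)
        printf("source IP: %s\n", src);
    return strcmp(src, "192.0.2.1") != 0;
}
```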