Ethereal-users: Re: [Ethereal-users] tcpdump API

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>
Date: Sun, 10 Jun 2001 11:55:40 -0700

On Sun, Jun 10, 2001 at 02:21:38PM +0300, Nawar, Hany Nader Soliman (Hany) wrote:
> I'd like to know if there is a set of APIs in the tcpdump and if yes, where
> is it and how to use it?
> In other words, how to write a program like ethereal, built on top of
> tcpdump.

Tcpdump doesn't have any APIs it exports for use by programs built atop
it.  The library it uses for packet capture is the same library Ethereal
uses for packet capture - libpcap - and it *does* have APIs, but they
only deliver raw packets to the program; the program has to do its own
work dissecting those packets.

Several years ago, some people at the University of Washington took
tcpdump and modified its code to build a Motif-based GUI packet analyzer
atop it; it doesn't appear to have had work done on it in over 7 years,
but it can be found at

	ftp://ftp.cac.washington.edu/pub/noc-tools/tcpview/

if you're curious.  Note that it's based on an over-7-year-old version
of tcpdump - which even predates the split of tcpdump into libpcap and
tcpdump - and, as such, is missing a lot of stuff that's currently in
tcpdump.
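
The reply above says libpcap only delivers raw packets and the program must dissect them itself. The following is an added example, not part of the original message and not code from tcpdump, libpcap or Ethereal: a bounds-checked Ethernet II / IPv4 dissector over one raw frame. The names dissect_frame and ipv4_summary and the sample bytes are assumptions made for illustration; in a real capture program the buffer and its captured length (pcap_pkthdr.caplen) would come from libpcap.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Hypothetical summary struct for this example (not a libpcap type). */
struct ipv4_summary {
    uint8_t  proto;           /* IP protocol number: 6 = TCP, 17 = UDP */
    uint8_t  src[4], dst[4];
    uint16_t sport, dport;    /* 0 unless TCP/UDP ports were captured */
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
/* Dissect Ethernet II + IPv4 (+ TCP/UDP ports) from a raw frame. caplen is the
 * number of bytes actually captured (pcap_pkthdr.caplen in libpcap); every
 * read is checked against it. Returns 0 on success, -1 if not IPv4 or short. */
int dissect_frame(const uint8_t *buf, size_t caplen, struct ipv4_summary *out)
{
    if (caplen < 14 || rd16(buf + 12) != 0x0800) return -1; /* EtherType IPv4 */
    const uint8_t *ip = buf + 14;
    size_t left = caplen - 14;
    if (left < 20 || (ip[0] >> 4) != 4) return -1;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;  /* length field from the wire */
    if (ihl < 20 || ihl > left) return -1;    /* reject before using it */
    out->proto = ip[9];
    for (int i = 0; i < 4; i++) { out->src[i] = ip[12 + i]; out->dst[i] = ip[16 + i]; }
    out->sport = out->dport = 0;
    int first_frag = (rd16(ip + 6) & 0x1fff) == 0; /* ports only in fragment 0 */
    if ((out->proto == 6 || out->proto == 17) && first_frag && left - ihl >= 4) {
        out->sport = rd16(ip + ihl);
        out->dport = rd16(ip + ihl + 2);
    }
    return 0;
}

/* Constructed sample: Ethernet + IPv4 header + first 4 bytes of a TCP header. */
static const uint8_t sample[] = {
    0x00,0x11,0x22,0x33,0x44,0x55, 0x66,0x77,0x88,0x99,0xaa,0xbb, 0x08,0x00,
    0x45,0x00,0x00,0x28,0x00,0x01,0x00,0x00,0x40,0x06,0x00,0x00,
    192,0,2,1, 198,51,100,7, 0xc0,0x01,0x00,0x50
};

int main(void)
{
    struct ipv4_summary s;
    if (dissect_frame(sample, sizeof sample, &s) != 0) return 1;
    printf("%u.%u.%u.%u:%u -> %u.%u.%u.%u:%u proto %u\n", s.src[0], s.src[1],
           s.src[2], s.src[3], s.sport, s.dst[0], s.dst[1], s.dst[2], s.dst[3],
           s.dport, s.proto);
    return 0;
}
```

The header-length check matters because the IHL field comes from the packet itself; a truncated or malformed frame must be rejected before any offset derived from it is read.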