Ethereal-users: Re: [Ethereal-users] Accessing libpcap file contents

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>
Date: Thu, 02 Dec 2004 03:00:15 -0800
Mina sina wrote:

> I want to access contents of a libpcap file for the purpose of running queries of my own interest which are not supported by Ethereal. What can you guys suggest for me to do so? What environment will be good for it?

What kind of queries are you doing?

Some programs might exist that can read libpcap files and do what you're trying to do, depending on what you're trying to do.

Otherwise, you'll either have to write your own program to read the file, or modify Ethereal to support it, for example by adding a tap.

Writing your own program might require a lot of work, as all libpcap will do for you will be to read the file and packet headers, and give you, for each packet, a time stamp, a captured data length, a raw data length, and the raw packet data (the number of bytes being the captured data length) - you'll have to do all the dissection of the raw packet data yourself.
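
Added example, not part of the original message and not Ethereal or libpcap code: a Python sketch that reads the classic libpcap file format directly (rather than calling libpcap) to show the per-packet fields described above and how much dissection is left to the caller. The function names, the `MAX_CAPLEN` cap, and the sample capture are assumptions constructed for illustration.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4   # classic libpcap file, microsecond timestamps
LINKTYPE_ETHERNET = 1
MAX_CAPLEN = 262144       # assumed sanity cap on a record's captured length

def read_pcap(buf):
    """Return (linktype, [(ts_sec, ts_usec, caplen, origlen, raw), ...])."""
    if len(buf) < 24:
        raise ValueError("truncated file header")
    # The magic number tells us the byte order the writer used.
    for endian in ("<", ">"):
        if struct.unpack_from(endian + "I", buf, 0)[0] == PCAP_MAGIC:
            break
    else:
        raise ValueError("not a classic libpcap file")
    linktype = struct.unpack_from(endian + "I", buf, 20)[0]
    records, off = [], 24
    while off < len(buf):
        if len(buf) - off < 16:
            raise ValueError("truncated record header")
        ts_sec, ts_usec, caplen, origlen = struct.unpack_from(endian + "4I", buf, off)
        off += 16
        # Never trust the length field: it comes from the file.
        if caplen > MAX_CAPLEN or caplen > len(buf) - off:
            raise ValueError("captured length exceeds file or sanity cap")
        records.append((ts_sec, ts_usec, caplen, origlen, buf[off:off + caplen]))
        off += caplen
    return linktype, records

def count_ethertypes(buf):
    """Example query: packets per EtherType; None = frame cut short of 14 bytes."""
    linktype, records = read_pcap(buf)
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("this query only dissects Ethernet captures")
    counts = {}
    for _, _, caplen, _, raw in records:
        # Dissection is our job: EtherType sits at bytes 12-13, big-endian.
        key = struct.unpack_from(">H", raw, 12)[0] if caplen >= 14 else None
        counts[key] = counts.get(key, 0) + 1
    return counts

def build_sample():
    """Constructed two-record capture: one full frame, one cut to 10 bytes."""
    frame = bytes(12) + b"\x08\x00" + bytes(46)   # 60-byte frame, EtherType IPv4
    hdr = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    rec1 = struct.pack("<4I", 1101985215, 500000, 60, 60) + frame
    rec2 = struct.pack("<4I", 1101985216, 0, 10, 60) + frame[:10]
    return hdr + rec1 + rec2
```

The second sample record has a captured length (10) smaller than its raw length (60), which is why the query checks the captured length before reading the EtherType.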