Wireshark-dev: Re: [Wireshark-dev] need a C utility to search data in hex dump

From: prashanth joshi <prashanthsjoshi2000@xxxxxxxxx>
Date: Thu, 4 Mar 2010 07:17:23 -0800 (PST)

Hi Jakub,
 
Thanks very much for the reply.
 
Regards,
Prashanth
--- On Thu, 3/4/10, Jakub Zawadzki <darkjames@xxxxxxxxxxxxxxxx> wrote:

From: Jakub Zawadzki <darkjames@xxxxxxxxxxxxxxxx>
Subject: Re: [Wireshark-dev] need a C utility to search data in hex dump
To: "Developer support list for Wireshark" <wireshark-dev@xxxxxxxxxxxxx>
Date: Thursday, March 4, 2010, 6:24 AM

On Thu, Mar 04, 2010 at 05:36:56PM +0530, prashanth s wrote:
> I have read the data from the pcap file in to a buffer. Now I need to search
> for a pattern in the data from pcap stored in buffer.
> Could anyone please tell me a c function that can be used to search for the
> pattern?
> For example the data may contain  00 0f a2 ee cd 34 23 78 00    and I need a
> c function to search for cd34.

You can try memmem() [GNU extension]

  const char pattern[] = { 0xcd, 0x34 };
  memmem(buf, buflen, pattern, sizeof(pattern));
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe