I want to read through a tcp dump file and print out the packet lengths and their start and end times, or just timestamps. I know that pcap libraries can do this, but I could not find a concrete example of opening a dump file and processing it for that information. I am okay with any language and platform.
Do you want to write a Wireshark-like program ( http://www.wireshark.org/ )? – PiotrNycz Nov 21 '12 at 23:22
Hi, if Wireshark can give me what I want, I don't need to write a program. I just want the packet size and timestamp. – P basak Nov 23 '12 at 00:23
1 Answer
You want pcap_open_offline(). There's a man page for it, and here's an example of using it.

whamma
Note that the example program is assuming that the file is an Ethernet capture (without bothering to check whether it is) and that there are neither IP nor TCP options (i.e., neither the IP nor TCP header is guaranteed to be exactly 20 bytes long). – Nov 22 '12 at 18:45
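
An added example, not part of the original answer or the program it links to: it reads the classic pcap file format directly with the Python standard library instead of calling `pcap_open_offline()`, prints each packet's timestamp and lengths, and covers the caveats in the comment above by checking the link type and reading the IP and TCP header lengths from the packet. The function names are this example's own and the sample capture is constructed.

```python
import struct

# Magic bytes -> (struct byte order, timestamp fraction units per second)
MAGICS = {b"\xd4\xc3\xb2\xa1": ("<", 10**6), b"\xa1\xb2\xc3\xd4": (">", 10**6),
          b"\x4d\x3c\xb2\xa1": ("<", 10**9), b"\xa1\xb2\x3c\x4d": (">", 10**9)}
LINKTYPE_ETHERNET = 1

def read_pcap(data):
    """Return (linktype, [(timestamp, captured_len, wire_len, bytes), ...])."""
    if len(data) < 24 or data[:4] not in MAGICS:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    order, frac = MAGICS[data[:4]]
    linktype = struct.unpack(order + "I", data[20:24])[0]
    records, off = [], 24
    while off < len(data):
        if off + 16 > len(data):
            raise ValueError("truncated record header")
        sec, sub, caplen, wirelen = struct.unpack(order + "IIII", data[off:off + 16])
        off += 16
        if caplen > len(data) - off:  # never trust a length field from the file
            raise ValueError("record claims more bytes than the file holds")
        records.append((sec + sub / frac, caplen, wirelen, data[off:off + caplen]))
        off += caplen
    return linktype, records

def tcp_payload_len(linktype, pkt):
    """TCP payload bytes, or None if not Ethernet/IPv4/TCP or headers are cut off."""
    if linktype != LINKTYPE_ETHERNET or len(pkt) < 34 or pkt[12:14] != b"\x08\x00":
        return None
    ihl = (pkt[14] & 0x0F) * 4  # IPv4 header length read from the header, not assumed
    if pkt[14] >> 4 != 4 or ihl < 20 or pkt[23] != 6 or len(pkt) < 14 + ihl + 20:
        return None
    doff = (pkt[14 + ihl + 12] >> 4) * 4  # TCP header length, options included
    total = struct.unpack("!H", pkt[16:18])[0]
    return total - ihl - doff if doff >= 20 and total >= ihl + doff else None

def sample_pcap():
    """Constructed capture: one frame with IP and TCP options, then a truncated copy."""
    ip = bytes([0x46, 0]) + struct.pack("!H", 61) + bytes(5) + b"\x06" + bytes(14)
    tcp = bytes(12) + b"\x80" + bytes(19)
    frame = bytes(12) + b"\x08\x00" + ip + tcp + b"hello"
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    out += struct.pack("<IIII", 1353541500, 250000, len(frame), len(frame)) + frame
    out += struct.pack("<IIII", 1353541501, 0, 40, len(frame)) + frame[:40]
    return out

if __name__ == "__main__":
    linktype, records = read_pcap(sample_pcap())  # or open(path, "rb").read()
    for ts, caplen, wirelen, pkt in records:
        print(f"{ts:.6f} captured={caplen} wire={wirelen} "
              f"tcp_payload={tcp_payload_len(linktype, pkt)}")
```

The captured length can be smaller than the wire length when the capture used a snapshot limit, so report the wire length as the packet size and treat the captured bytes as possibly incomplete.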