searching tcp payload for a string occurrence

Asked Jan 21 '14 at 06:52

Active Jan 21 '14 at 06:52

Viewed 175 times

i am writing a code to search tcp payload of every packet in a libpcap file, to search for a string.

so what i am trying to do is,

 pcap_handle_in = pcap_open_offline(infile, pcap_errbuf);   
 .
 .
 .
 while (pcap_next_ex(pcap_handle_in, &pcap_header, &pcap_packet) > 0) {
 .
 .

 if (memmem(packet, len, search, strlen(search))) {
            found++;
 }

it is working fine, but it will print also those packets , containing this string as a sub-string. i want to eliminate this sub-string packets. but coudn figure out how.

suggestions pls..

asked Jan 21 '14 at 06:52

user3013807

what you are saying is if you are looking for 'test' in the tcp payload you will also get 'testmore' for example? if yes that what is the marker that determines that? is that a white space? – liv2hak Jan 22 '14 at 07:36
yes,this is my problem. actually there can be more information in that packet after occurrence of that string, so i dont know what would be ahead of that string. – user3013807 Jan 25 '14 at 05:21

searching tcp payload for a string occurrence

0 Answers0