
I am trying to write C code to leave tcpdump running while my program is active and then, in real time, get the tcpdump output into my code for further processing. I am capturing very specific traffic (I have been able to achieve that in cmd) and I want to get the information of each captured packet in real time into my code in order to process them. It is expected that the packets I am capturing come every 10-20 seconds, which means that I need to run tcpdump and every 10-20 sec get the information into my code and process it.

Any ideas on how to do that please?

Ibra
  • Good question; I know there are online resources but I would like to see what the community has to say – Devarsh Desai Aug 16 '14 at 22:34
  • Use libpcap, see http://www.tcpdump.org/pcap.html – MrTux Aug 16 '14 at 22:34
  • OK, I am dealing with IPv6 packets and looking for tutorials and examples on using libpcap to process IPv6 packets, but I could not find any, as most of them consider IPv4 only. Is anyone aware of any IPv6 examples or of how to process IPv6 packets? – Ibra Aug 17 '14 at 00:12

1 Answer

If you want to analyze captured packets in real time, you should not run tcpdump and parse its output, but use the underlying API/library directly, which is libpcap.

See http://www.tcpdump.org/pcap.html

MrTux
  • OK, I am dealing with IPv6 packets and looking for tutorials and examples on using libpcap to process IPv6 packets, but I could not find any, as most of them consider IPv4 only. Is anyone aware of any IPv6 examples or of how to process IPv6 packets? – Ibra Aug 17 '14 at 00:13
  • http://stackoverflow.com/questions/6256821/can-i-use-pcap-library-for-receiving-ipv6-packets – MrTux Aug 17 '14 at 01:05
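As an added example (not code from the answer or from libpcap), this is the per-packet parsing step you would call from the callback handed to pcap_loop once pcap_open_live and a BPF filter such as `ip6` are set up: it pulls the fixed IPv6 header out of an Ethernet frame and refuses to read past the captured length (pcap_pkthdr->caplen), which can be shorter than the packet on the wire. The function and struct names and the sample frame are assumptions constructed for this example.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>
#include <arpa/inet.h>

#define ETH_HDR_LEN   14
#define IPV6_HDR_LEN  40
#define ETHERTYPE_IP6 0x86DD
struct ipv6_summary {
    uint8_t  next_header;   /* 6 = TCP, 17 = UDP, 58 = ICMPv6, ... */
    uint8_t  hop_limit;
    uint16_t payload_len;   /* bytes that follow the 40-byte fixed header */
    char     src[INET6_ADDRSTRLEN];
    char     dst[INET6_ADDRSTRLEN];
};
/* Parse Ethernet + IPv6 fixed header from a captured frame. caplen is the
 * number of bytes actually captured (pcap_pkthdr->caplen), not the on-wire
 * length. Returns 0 on success, -1 if truncated, -2 if not IPv6. */
int parse_ipv6_frame(const uint8_t *buf, size_t caplen, struct ipv6_summary *out)
{
    if (caplen < ETH_HDR_LEN + IPV6_HDR_LEN)
        return -1;                                   /* never read past caplen */
    uint16_t ethertype = (uint16_t)((buf[12] << 8) | buf[13]);
    const uint8_t *ip6 = buf + ETH_HDR_LEN;
    if (ethertype != ETHERTYPE_IP6 || (ip6[0] >> 4) != 6)
        return -2;
    out->payload_len = (uint16_t)((ip6[4] << 8) | ip6[5]);  /* network byte order */
    out->next_header = ip6[6];
    out->hop_limit   = ip6[7];
    inet_ntop(AF_INET6, ip6 + 8,  out->src, sizeof out->src);
    inet_ntop(AF_INET6, ip6 + 24, out->dst, sizeof out->dst);
    return 0;
}
/* Constructed sample: Ethernet header, then an IPv6 UDP packet ::1 -> ff02::1
 * with an 8-byte payload. Stands in for what pcap would hand the callback. */
static const uint8_t sample_frame[] = {
    0x33,0x33,0x00,0x00,0x00,0x01, 0x02,0x00,0x00,0x00,0x00,0x01, 0x86,0xDD,
    0x60,0x00,0x00,0x00, 0x00,0x08, 17, 64,
    0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,            /* src ::1 */
    0xff,0x02,0,0,0,0,0,0,0,0,0,0,0,0,0,1,      /* dst ff02::1 */
    0xde,0xad,0xbe,0xef,0x00,0x08,0x00,0x00     /* 8-byte UDP stub payload */
};
int main(void)
{
    struct ipv6_summary s;
    if (parse_ipv6_frame(sample_frame, sizeof sample_frame, &s) == 0)
        printf("%s -> %s next=%u payload=%u\n", s.src, s.dst,
               (unsigned)s.next_header, (unsigned)s.payload_len);
    return 0;
}
```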