We are capturing packets to a file using tcpdump(). I need to write a program to parse it, does anyone know where I could find a file layout for a dump file created by this tool?
Asked
Active
Viewed 601 times
2 Answers
1
The easiest way to parse the file is to read it with libpcap; libpcap can be used directly from C and C++, and there are wrappers for a number of other languages. That way you don't have to know what the file layout is (and you will also be able to read at least some pcap-ng files if your program is using libpcap 1.1 or later).
1
tcpdump uses libpcap; there are docs describing the libpcap file format which should give you what you need.
psmears
- 26,070
- 4
- 40
- 48