0

I'm trying to create a program able to read pcap files.

With the `pcap_open_offline` and `pcap_next_ex` functions, I've been able to get some information, like the header of the packets and the data.

But in this file there is way more information, like protocol, source IP, destination IP, etc.

First, I suppose this information is in the "data" part, in hexadecimal, am I right?

Is there a way, without using jnetpcap, to get this information? Do I have to create a function able to convert hex into readable data? Is that possible?

Marcus Müller
Charrette

1 Answer

0

> But in this file there is way more information, like protocol, source IP, destination IP, etc.
>
> First, I suppose this information is in the "data" part, in hexadecimal, am I right?

No, that's in the header.

> Is there a way, without using jnetpcap, to get this information?

Parse the headers. libpcap offers a few helper macros for that; see the official doc on http://www.tcpdump.org/pcap.html.

Marcus Müller
  • Isn't the header just contained in the `pcap_pkthdr` structure? Which only contains a timestamp, the length and the capture length? – Charrette Oct 21 '15 at 15:11
  • @Charrette: we're talking about different kinds of headers, then! The destination, source and ports of course are in the *IP headers*. – Marcus Müller Oct 21 '15 at 15:15
  • Yes, but where is the IP header then? There must be one in each packet I get when I open my pcap file, right? – Charrette Oct 21 '15 at 15:19
  • What you linked to is a quick tutorial written by Tim Carstens and further worked on by me; it's not an official document. The only structure in that tutorial that's provided by libpcap is `struct pcap_pkthdr`; all the other structures and macros *don't* come from libpcap (the versions in that tutorial were taken from some BSD networking stack). You'll have to copy those structures yourself from the tutorial. –  Oct 22 '15 at 00:07
  • Thank you for your help, @MarcusMüller. This page helped me a lot. – Charrette Oct 24 '15 at 12:37
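
The header parsing discussed in this thread, as an added example that is not part of the original posts, the linked tutorial, or libpcap itself: it reads the Ethernet, IPv4 and TCP/UDP port fields straight from the bytes `pcap_next_ex` returns, checking every offset against the capture length. The names `struct flow`, `parse_ipv4` and `sample` are hypothetical, and the code assumes an Ethernet link type without VLAN tags.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Fields pulled out of one captured frame. */
struct flow {
    uint8_t  proto;          /* IPv4 protocol number: 6 = TCP, 17 = UDP */
    uint8_t  src[4], dst[4]; /* addresses, network byte order */
    uint16_t sport, dport;   /* 0 when not TCP/UDP or not captured */
};

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
/* data/caplen: the packet bytes and header->caplen from pcap_next_ex().
 * Assumes pcap_datalink() returned DLT_EN10MB (Ethernet, no VLAN tag).
 * Returns 0 on success, -1 if the frame is not IPv4 or is truncated. */
int parse_ipv4(const uint8_t *data, size_t caplen, struct flow *out)
{
    if (caplen < 14 + 20 || be16(data + 12) != 0x0800)
        return -1;                             /* too short or not IPv4 */
    const uint8_t *ip = data + 14;             /* skip Ethernet header */
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;   /* IPv4 header length with options */
    if ((ip[0] >> 4) != 4 || ihl < 20 || caplen < 14 + ihl)
        return -1;
    out->proto = ip[9];
    for (int i = 0; i < 4; i++) { out->src[i] = ip[12 + i]; out->dst[i] = ip[16 + i]; }
    out->sport = out->dport = 0;
    int first_frag = (be16(ip + 6) & 0x1fff) == 0;  /* ports exist only at offset 0 */
    if ((out->proto == 6 || out->proto == 17) && first_frag && caplen >= 14 + ihl + 4) {
        out->sport = be16(ip + ihl);
        out->dport = be16(ip + ihl + 2);
    }
    return 0;
}

/* Constructed sample frame: Ethernet + IPv4 + UDP header (checksums left 0). */
static const uint8_t sample[] = {
    0x00,0x11,0x22,0x33,0x44,0x55, 0x66,0x77,0x88,0x99,0xaa,0xbb, 0x08,0x00,
    0x45,0x00,0x00,0x1c, 0x00,0x01,0x00,0x00, 0x40,0x11,0x00,0x00,
    0xc0,0xa8,0x01,0x0a, 0xc0,0xa8,0x01,0x01,
    0x30,0x39,0x00,0x35, 0x00,0x08,0x00,0x00 };

int main(void)
{
    struct flow f;
    if (parse_ipv4(sample, sizeof sample, &f) == 0)
        printf("proto %d %d.%d.%d.%d:%d -> %d.%d.%d.%d:%d\n", f.proto,
               f.src[0], f.src[1], f.src[2], f.src[3], f.sport,
               f.dst[0], f.dst[1], f.dst[2], f.dst[3], f.dport);
    return 0;
}
```

In a real reader, pass `header->caplen` rather than `header->len`, since a capture taken with a short snapshot length stores fewer bytes than were on the wire.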