-1

I'm currently learning about TCP and packets. I'm working in the C programming language, and I understand how the pcap library can be used to sniff traffic on my computer. But can pcap be used to parse and read through a trace file as well? I need to track the TCP state information from a given trace file.

In a nutshell, I'm curious how I can go about opening a trace file with pcap to parse through it? If someone could get me moving towards the right direction, it would be greatly appreciated!

Vimzy
  • 1,871
  • 8
  • 30
  • 56

1 Answers1

0

But can pcap be used to parse and read through a trace file as well?

Yes. Most of the APIs you'd use are the same, but you'd use pcap_open_offline() to open a file rather than using pcap_open_live(), or pcap_create() and pcap_activate(), to open a device for a live capture.