Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

reading a pcap file in c++

Tags:

c++

header

pcap

I want to read a pcap file and get the header information of the packets of a flow...

for this I found a c++ program from http://www.cnblogs.com/xiangshancuizhu/archive/2012/10/14/2723654.html which read the pcap file and have a header pointer , this pointer

class just point to length of header, but I want to access the other features of header

such as syn,fin,ack,seq no,....here is my code, how can I do this?

 char errbuff[PCAP_ERRBUF_SIZE];

/*
* Step 4 - Open the file and store result in pointer to pcap_t
*/

// Use pcap_open_offline
// http://www.winpcap.org/docs/docs_41b5/html/group__wpcapfunc.html#g91078168a13de8848df2b7b83d1f5b69
pcap_t * pcap = pcap_open_offline(file.c_str(), errbuff);

/*
* Step 5 - Create a header and a data object
*/

// Create a header object:
// http://www.winpcap.org/docs/docs_40_2/html/structpcap__pkthdr.html
struct pcap_pkthdr *header;

// Create a character array using a u_char
// u_char is defined here:
// C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\Include\WinSock2.h
// typedef unsigned char   u_char;
const u_char *data;

/*
* Step 6 - Loop through packets and print them to screen
*/
u_int packetCount = 0;
while (int returnValue = pcap_next_ex(pcap, &header, &data) >= 0)
{
    // Print using printf. See printf reference:
    // http://www.cplusplus.com/reference/clibrary/cstdio/printf/

    // Show the packet number
    printf("Packet # %i\n", ++packetCount);

    // Show the size in bytes of the packet
    printf("Packet size: %d bytes\n", header->len);

and header is a structure like:

struct pcap_pkthdr {
    struct timeval ts;  /* time stamp */
    bpf_u_int32 caplen; /* length of portion present */
    bpf_u_int32 len;    /* length this packet (off wire) */
};

and I want this structure have more members, what should I do? thanks a lot.

like image 990
m.eslampnah Avatar asked Nov 15 '25 13:11

m.eslampnah

1 Answers

You can't add more fields to pcap_pkthdr - libpcap won't do anything with those fields. Packet data fields, such as the link-layer, IP, and TCP headers, are NOT features of that header.

The packet data is pointed to by the data variable. That's where the link-layer header is, where the IP header is in IP packets, where the TCP header is in TCP packets, and so on. See, for example, Tim Carstens' tutorial on how to use libpcap.

You might want to look at building your program using libcrafter, which is "a high level library for C++ designed to make easier the creation and decoding of network packets". You may not be interested in the "crafting" part, but would be interested in the "decoding" part.

Sign in to Comment

Related questions

Linking to SHARED Q_OBJECT: unresolved external symbol "public: static struct QMetaObject const A::staticMetaObject"
Selecting overload to reference-accepting function
GTK : How to set the Height of a VBox?
Cache aligned memory allocation on Intel CPU
'Clang-Tidy: Do not implicitly decay an array into a pointer' when using std::forward and const char*
How to constrain class template by disabling type argument of specialization itself, and why does(n't) it work?
Why is the return type of isdigit() int instead of boolean?
Does std::move called on a prvalue deconstruct the object?
If-with-initializer lifetime extension
Are arrays of simd vectors naturally inefficient?
How can I convert a char into an int within the range of 0 and 255 in C++
"no matching function for call" in initialiser list for char [] [duplicate]
How does flushing work between C and C++ streams when they are synchronized?
Why is attribute noinline ignored by gcc-15.1.0 in this example?
Am I calculating my FPS correctly?
Qt - Setting the buddies
template method "=0" in the parameter list

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!