Re: [tcpdump-workers] Seeking in tcpdump files

2005-11-11 Thread Christian Kreibich
Hi Evan, if Guy's points aren't a concern for you, you can just use libpcapnav. It provides pcapnav_get_offset() which does what you want. http://netdude.sourceforge.net/doco/libpcapnav/index.html Cheers, Christian.

Re: [tcpdump-workers] Seeking in tcpdump files

2005-11-11 Thread Guy Harris
On Nov 11, 2005, at 1:48 PM, Evan Hughes wrote: I'm building a library that indexes packets in libpcap files. In order to create and use such an index, I'd like to be able to get the file location that each packet starts at. Would I be violating encapsulation if I just use pcap_file()

[tcpdump-workers] Seeking in tcpdump files

2005-11-11 Thread Evan Hughes
Howdy, I'm building a library that indexes packets in libpcap files. In order to create and use such an index, I'd like to be able to get the file location that each packet starts at. Would I be violating encapsulation if I just use pcap_file() to grab the file handle at the current packe

Re: [tcpdump-workers] Libpcap compile

2005-11-11 Thread Alexander Dupuy
Guy Harris writes: tcp && (ip[2:2] > (((ip[0]&0xF) + (tcp[12] >> 4)) << 2)) Extending this to check for TCP or UDP with non-empty payload, I got the following: # tcpdump -d 'ip && ((tcp && (ip[2:2] > ((ip[0]&0xF) + (tcp[12] >> 4)) << 2)) || (udp && udp[4:2] > 8))' (000) ldh [12] (001

Re: [tcpdump-workers] more advanced feature of libpcap?

2005-11-11 Thread Vossie
Thanks Guy. [snip] It cannot, for example, detect packets lost on the network before they arrive on the machine running the libpcap-based interface, such as packets dropped by a router or switch because packet buffers overflowed; that would have to be done, somehow, by the applicati

Re: [tcpdump-workers] libpcap and a proxy server

2005-11-11 Thread Vossie
Hi Amitesh, Sorry for not replying earlier. I was not on campus yesterday. The University of Pretoria uses a firewall to limit access to the Internet but also a proxy server (for the students). According to someone I have spoken to about my problem, the proxy server also uses the firewall for outsi