Where can I find a file/struct layout for a tcpdump() file?

开发者 https://www.devze.com 2023-01-01 05:15 Source: web
We are capturing packets to a file using tcpdump(). I need to write a program to parse it. Does anyone know where I could find a file layout for a dump file created by this tool?


tcpdump uses libpcap; there are docs describing the libpcap file format which should give you what you need.


The easiest way to parse the file is to read it with libpcap; libpcap can be used directly from C and C++, and there are wrappers for a number of other languages. That way you don't have to know what the file layout is (and you will also be able to read at least some pcap-ng files if your program is using libpcap 1.1 or later).
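For readers who do need the layout itself, here is an added example (not part of either answer) that parses the classic libpcap format the first answer refers to: a 24-byte file header followed by 16-byte record headers. The names `parse_pcap`, `sample_capture` and `MAX_RECORD` are hypothetical, the sample bytes are constructed, and pcap-ng files are only detected, not parsed.

```python
import struct

# Magic numbers of the classic pcap format, as the four bytes appear on disk.
MAGICS = {
    b"\xd4\xc3\xb2\xa1": ("<", 1_000),  # little-endian, microsecond timestamps
    b"\xa1\xb2\xc3\xd4": (">", 1_000),  # big-endian, microsecond timestamps
    b"\x4d\x3c\xb2\xa1": ("<", 1),      # little-endian, nanosecond timestamps
    b"\xa1\xb2\x3c\x4d": (">", 1),      # big-endian, nanosecond timestamps
}
MAX_RECORD = 262_144  # assumed sanity cap on one stored packet, in bytes


def parse_pcap(data):
    """Return (header dict, list of (timestamp_ns, orig_len, packet bytes))."""
    if data[:4] == b"\x0a\x0d\x0d\x0a":
        raise ValueError("pcap-ng file, not classic pcap")
    if len(data) < 24 or data[:4] not in MAGICS:
        raise ValueError("not a classic pcap file")
    endian, frac_to_ns = MAGICS[data[:4]]
    # File header after the magic: version, thiszone, sigfigs, snaplen, linktype.
    major, minor, _zone, _sigfigs, snaplen, linktype = struct.unpack_from(
        endian + "HHiIII", data, 4)
    header = {"version": (major, minor), "snaplen": snaplen, "linktype": linktype}
    packets, off = [], 24
    while off < len(data):
        if len(data) - off < 16:
            raise ValueError(f"truncated record header at offset {off}")
        # Record header: ts_sec, ts_usec (or ts_nsec), incl_len, orig_len.
        ts_sec, ts_frac, incl_len, orig_len = struct.unpack_from(
            endian + "IIII", data, off)
        off += 16
        # incl_len comes from the file: check it before slicing.
        if incl_len > MAX_RECORD or incl_len > len(data) - off:
            raise ValueError(f"bad incl_len {incl_len} at offset {off - 16}")
        packets.append((ts_sec * 1_000_000_000 + ts_frac * frac_to_ns,
                        orig_len, data[off:off + incl_len]))
        off += incl_len
    return header, packets


def sample_capture():
    """Constructed two-packet little-endian capture (not real traffic)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for sec, usec, payload, wire_len in [(1, 500, b"\xaa" * 14, 14),
                                         (2, 0, b"\xbb" * 20, 60)]:
        out += struct.pack("<IIII", sec, usec, len(payload), wire_len) + payload
    return out
```

Capture files often come from untrusted sources, so the parser rejects a record whose `incl_len` runs past the end of the data instead of returning a short slice.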
