Reading Packets with libpcap Part 2

Posted by jayrfink on Sep 1, 2008 11:44 PM EDT
systhread.net; By Jason (Jay) R Fink
Mail this story
Print this story

In the first part of the libpcap series a rudimentry packet reader (or sniffer) was built which could read and print tcp/ip traffic on a particular interface. In the second text a look at some simple checks of the data itself, adding options like interface selection, libpcap filter options and verbosity levels. Some of the checks included are:

  • IP Packet Truncation
  • IP Header Length
  • Ethernet Header Length

The filter options are eventually passed exactly like tcpdump using the tcpdump argv vector copy.

  Text

In the first part of the libpcap series a rudimentry packet reader (or sniffer) was built which could read and print tcp/ip traffic on a particular interface. In the second text a look at some simple checks of the data itself, adding options like interface selection, libpcap filter options

and verbosity levels. Some of the checks included are:



  • IP Packet Truncation
  • IP Header Length
  • Ethernet Header Length


The filter options are eventually passed exactly like tcpdump

using the tcpdump argv vector copy.



  Text

Full Story

  Nav
» Read more about: Story Type: News Story, Tutorial; Groups: Debian, Linux

« Return to the newswire homepage

This topic does not have any threads posted yet!

You cannot post until you login.