The UNIX and Linux Forums  

  #1 (permalink)  
Old 03-03-2008
Registered User
 

Join Date: Mar 2008
Location: Paris, France
Posts: 2
Filtering packets with pcap.h

Hello everybody!!

I am currently doing my internship and I need some tips for Pcap.h.

I am searching for some tips to filter my packets in a C program with the Pcap.h library. The only thing I have found is that I can filter low-level protocols by their name (tcp/udp...). But for the higher protocols I have to use lower protocol names with port numbers. Do you know what I could do to filter the higher protocols by their name (HTTP, MSNP...)?

Thanks for your help.
  #2 (permalink)  
Old 03-03-2008
Registered User
 

Join Date: Dec 2007
Location: Virginia, USA.
Posts: 250
Detecting signatures of various application layer protocols is usually the domain of applications built on low level packet inspection facilities like libpcap: IDS, etc.
There are plenty of IDS with open codebases and modular frameworks. You could check out sourceforge and take a look under security.
  #3 (permalink)  
Old 03-03-2008
Registered User
 

Join Date: Mar 2008
Location: Paris, France
Posts: 2
Do you think that there is an IDS which can perform a full extraction from a pcap file? Because I need to develop a program which can extract the data and restore it clearly.
  #4 (permalink)  
Old 03-03-2008
Registered User
 

Join Date: Dec 2007
Location: Virginia, USA.
Posts: 250
Sure. But the pcap_dump() function and whatever method you use to store the u_char packet data and pcap_pkthdr elements give you the raw information you need. The parsing logic for packet and packet header is what it sounds like you need.

This may help. I don't think it's very well written, but it gives you a start.
libpcap packet capture tutorial
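
Added example, not part of the original thread: a bounds-checked C classifier for the header-parsing logic post #4 points to, identifying HTTP and MSNP by payload signature rather than by port. `classify_frame`, `build_sample` and the signature list are illustrative assumptions; `pkt` and `caplen` stand for the packet bytes and `pcap_pkthdr.caplen` that libpcap passes to a callback, and the sample frame is constructed.

```c
#include <string.h>

enum app_proto { APP_UNKNOWN, APP_HTTP, APP_MSNP };

static int starts_with(const unsigned char *p, size_t n, const char *tok) {
    size_t t = strlen(tok);
    return n >= t && memcmp(p, tok, t) == 0;
}

/* Classify one Ethernet/IPv4/TCP frame by payload signature instead of port.
 * Every header read is bounds-checked against caplen before it happens. */
enum app_proto classify_frame(const unsigned char *pkt, size_t caplen) {
    static const char *http[] = { "GET ", "POST ", "HEAD ", "PUT ", "HTTP/1." };
    if (caplen < 34 || pkt[12] != 0x08 || pkt[13] != 0x00)
        return APP_UNKNOWN;  /* truncated, or EtherType is not IPv4 */
    const unsigned char *ip = pkt + 14;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;
    if ((ip[0] >> 4) != 4 || ihl < 20 || ip[9] != 6 || (ip[6] & 0x1f) || ip[7])
        return APP_UNKNOWN;  /* bad header, not TCP, or a later fragment */
    if (caplen < 14 + ihl + 20) return APP_UNKNOWN;  /* TCP header cut off */
    const unsigned char *tcp = ip + ihl;
    size_t doff = (size_t)(tcp[12] >> 4) * 4;
    if (doff < 20 || caplen < 14 + ihl + doff) return APP_UNKNOWN;
    const unsigned char *data = tcp + doff;
    size_t len = caplen - (14 + ihl + doff);
    for (size_t i = 0; i < sizeof http / sizeof http[0]; i++)
        if (starts_with(data, len, http[i])) return APP_HTTP;
    if (starts_with(data, len, "VER "))  /* MSNP opens with "VER <id> MSNPnn" */
        for (size_t i = 4; i + 4 <= len && data[i] != '\r'; i++)
            if (memcmp(data + i, "MSNP", 4) == 0) return APP_MSNP;
    return APP_UNKNOWN;
}

/* Constructed sample: zeroed 54-byte Ethernet/IPv4/TCP headers plus payload. */
size_t build_sample(unsigned char *buf, size_t cap, const char *payload) {
    size_t n = strlen(payload);
    if (cap < 54 + n) return 0;
    memset(buf, 0, 54);
    buf[12] = 0x08; buf[14] = 0x45;  /* EtherType IPv4; IP version 4, IHL 5 */
    buf[23] = 6;    buf[46] = 0x50;  /* IP protocol TCP; TCP data offset 5 */
    memcpy(buf + 54, payload, n);
    return 54 + n;
}

int main(void) {
    unsigned char f[128];
    size_t n = build_sample(f, sizeof f, "GET / HTTP/1.1\r\n");
    return classify_frame(f, n) == APP_HTTP ? 0 : 1;
}
```

The classifier only looks at the first bytes of a single segment, so it recognises the start of a session; later segments of the same TCP stream need reassembly before their content can be attributed to a protocol.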