tcpindex - packet capture and search 1.0 (Default branch)
Tcpindex captures packets from a LAN and indexesall of the strings from those packets in aninverted index so they can be efficiently searchedusing keywords. Think of it like a simple searchengine for packets across the network.
Dear All
During one of mine script developemnt i am stuch at one sub part. Requiremnt is as below kindly help me.
IP file:
2015-02-28 10:10:15 AL M UtranCell UtranCell=RTE001X (unavailable)
2015-02-28 10:10:15 AL M UtranCell UtranCell=RTE001Y (unavailable)
2015-02-28 10:10:15 AL M... (6 Replies)
I have made an packet capture application running on intel machine, it is capturing packets with src address- 17.0.0.0 destination ip- 66.0.0.0, source port- 0, destination port- 0, and protocol- 0 what does these packets mean ?
The code written to interpreter captured bytes is given below.... (5 Replies)
Hi,
I am involved in a project on Debian. One of my requirement is to route an IP packet in my application to a proxy server and receive the reply from the proxy server as an IP packet. My application handles data at the IP frame level. My application creates an IP packet(with all the necessary... (0 Replies)
PCAP_NEXT_EX(3) Library Functions Manual PCAP_NEXT_EX(3)NAME
pcap_next_ex, pcap_next - read the next packet from a pcap_t
SYNOPSIS
#include <pcap/pcap.h>
int pcap_next_ex(pcap_t *p, struct pcap_pkthdr **pkt_header,
const u_char **pkt_data);
const u_char *pcap_next(pcap_t *p, struct pcap_pkthdr *h);
DESCRIPTION
pcap_next_ex() reads the next packet and returns a success/failure indication. If the packet was read without problems, the pointer
pointed to by the pkt_header argument is set to point to the pcap_pkthdr struct for the packet, and the pointer pointed to by the pkt_data
argument is set to point to the data in the packet.
pcap_next() reads the next packet (by calling pcap_dispatch() with a cnt of 1) and returns a u_char pointer to the data in that packet.
The pcap_pkthdr structure pointed to by h is filled in with the appropriate values for the packet.
RETURN VALUE
pcap_next_ex() returns 1 if the packet was read without problems, 0 if packets are being read from a live capture, and the timeout expired,
-1 if an error occurred while reading the packet, and -2 if packets are being read from a ``savefile'', and there are no more packets to
read from the savefile. If -1 is returned, pcap_geterr() or pcap_perror() may be called with p as an argument to fetch or display the
error text.
pcap_next() returns a pointer to the packet data on success, and returns NULL if an error occured, or if no packets were read from a live
capture (if, for example, they were discarded because they didn't pass the packet filter, or if, on platforms that support a read timeout
that starts before any packets arrive, the timeout expires before any packets arrive, or if the file descriptor for the capture device is
in non-blocking mode and no packets were available to be read), or if no more packets are available in a ``savefile.'' Unfortunately,
there is no way to determine whether an error occured or not.
SEE ALSO pcap(3), pcap_geterr(3), pcap_dispatch(3)
5 April 2008 PCAP_NEXT_EX(3)