[tcpdump-workers] libpcap usage while reading pcapNG files

2018-09-13 Thread Madhav Ancha
Hi,

Is there a way to get the "options" along with the "packet data" in an
Enhanced Packet Block when reading the pcapNG files please?

pcap_next_ex() seems to return only the packet data.

Thanks
Madhav.
___
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers


Re: [tcpdump-workers] libpcap usage while reading pcapNG files

2018-09-13 Thread Guy Harris
On Sep 13, 2018, at 1:49 PM, Madhav Ancha wrote:

> Is there a way to get the "options" along with the "packet data" in an
> Enhanced Packet Block when reading the pcapNG files please?

No.  There are no provisions in the current pcap API to provide that 
information, as the API was designed when pcap format was the only format.

Providing full support for pcapng would require a new API (which should be able 
to support pcap files as well).


Re: [tcpdump-workers] libpcap usage while reading pcapNG files

2018-09-13 Thread Madhav Ancha
Thanks Guy.
Is the best way then to parse pcapNG in code and run bpf_filter on the
packets, please?

a) open the pcap file in C
b) parse the blocks
c) For every enhanced packet block
c1) Manually construct struct pcap_pkthdr *
c2) Run bpf_filter explicitly

This file can be updated as it is being parsed.
So d) refresh the file when EOF :-)


On Thu, Sep 13, 2018 at 4:59 PM Guy Harris wrote:

> On Sep 13, 2018, at 1:49 PM, Madhav Ancha wrote:
>
> > Is there a way to get the "options" along with the "packet data" in an
> > Enhanced Packet Block when reading the pcapNG files please?
>
> No.  There are no provisions in the current pcap API to provide that
> information, as the API was designed when pcap format was the only format.
>
> Providing full support for pcapng would require a new API (which should be
> able to support pcap files as well).
>
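
The parsing steps a) to c1) from the last message, as an added example that is not code from the thread's participants or from libpcap: it walks pcapng blocks in a memory buffer, bounds-checks every length taken from the file, and returns each Enhanced Packet Block's packet data together with its options. Assumptions: `struct epb_view` and `next_epb` are hypothetical names, the section is little-endian, and the file contents have already been read into `buf`; `caplen`, `origlen` and `ts` are the values that would go into a `struct pcap_pkthdr` before the filter step.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

struct epb_view {                  /* hypothetical type, not a libpcap struct */
    uint64_t ts;                   /* units come from the IDB's if_tsresol (default 1 us) */
    uint32_t caplen, origlen, flags; int has_flags;      /* epb_flags = option code 2 */
    const uint8_t *data, *comment; uint16_t comment_len; /* opt_comment = option code 1 */
};
static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t le32(const uint8_t *p) { return le16(p) | ((uint32_t)le16(p + 2) << 16); }
/* 1: *out holds the next EPB; 0: no complete block left (re-read, retry);
   -1: malformed block or a section that is not little-endian */
int next_epb(const uint8_t *buf, size_t len, size_t *off, struct epb_view *out)
{
    while (*off <= len && len - *off >= 12) {
        const uint8_t *b = buf + *off;
        uint32_t type = le32(b), tot = le32(b + 4);
        if (type == 0x0A0D0D0Au && le32(b + 8) != 0x1A2B3C4Du) return -1; /* SHB magic */
        if (tot < 12 || tot % 4) return -1;
        if (tot > len - *off) return 0;               /* block still being written */
        if (le32(b + tot - 4) != tot) return -1;      /* trailing length must match */
        *off += tot;
        if (type != 6) continue;                      /* 6 = Enhanced Packet Block */
        if (tot < 32 || le32(b + 20) > tot - 32) return -1; /* caplen overruns block */
        memset(out, 0, sizeof *out);
        out->ts = ((uint64_t)le32(b + 12) << 32) | le32(b + 16);
        out->caplen = le32(b + 20); out->origlen = le32(b + 24); out->data = b + 28;
        size_t o = 28 + ((size_t)out->caplen + 3) / 4 * 4, end = tot - 4;
        while (end - o >= 4 && le16(b + o) != 0) {    /* code 0 = opt_endofopt */
            uint16_t code = le16(b + o), olen = le16(b + o + 2);
            if (olen > end - o - 4) return -1;        /* option overruns the block */
            if (code == 1) { out->comment = b + o + 4; out->comment_len = olen; }
            if (code == 2 && olen == 4) { out->has_flags = 1; out->flags = le32(b + o + 4); }
            o += 4 + ((size_t)olen + 3) / 4 * 4;      /* option values pad to 32 bits */
        }
        return 1;
    }
    return 0;
}
/* Constructed sample: little-endian SHB, IDB, one EPB with opt_comment and epb_flags */
const uint8_t SAMPLE_PCAPNG[] = {
    0x0A,0x0D,0x0D,0x0A, 0x1C,0x00,0x00,0x00, 0x4D,0x3C,0x2B,0x1A, 0x01,0x00,0x00,0x00,
    0xFF,0xFF,0xFF,0xFF, 0xFF,0xFF,0xFF,0xFF, 0x1C,0x00,0x00,0x00, 0x01,0x00,0x00,0x00,
    0x14,0x00,0x00,0x00, 0x01,0x00,0x00,0x00, 0x00,0x00,0x04,0x00, 0x14,0x00,0x00,0x00,
    0x06,0x00,0x00,0x00, 0x40,0x00,0x00,0x00, 0x00,0x00,0x00,0x00, 0x01,0x00,0x00,0x00,
    0x02,0x00,0x00,0x00, 0x06,0x00,0x00,0x00, 0x3C,0x00,0x00,0x00, 0xDE,0xAD,0xBE,0xEF,
    0x00,0x01,0x00,0x00, 0x01,0x00,0x05,0x00, 0x68,0x65,0x6C,0x6C, 0x6F,0x00,0x00,0x00,
    0x02,0x00,0x04,0x00, 0x01,0x00,0x00,0x00, 0x00,0x00,0x00,0x00, 0x40,0x00,0x00,0x00,
};
```

A return of 0 leaves `*off` at the start of the incomplete block, so a caller following a file that is still being written can re-read it and call `next_epb` again from the same offset.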