Thanks Guy.
Is the best way then to parse pcapNG in code and run bpf_filter on the
packets please.
a) open the pcap file in c
b) parse the blocks
c) For every enhanced packet block
c1) Manually construct struct pcap_pkthdr *
c2) Run bpf_filter explicitly
This file can be updated as it is
On Sep 13, 2018, at 1:49 PM, Madhav Ancha wrote:
> Is there a way to get the "options" along with the "packet data "in an
> Enhanced Packet Block when reading the pcapNG files please?
No. There are no provisions in the current pcap API to provide that
information, as the API was designed whe
