As per what EJP said, you will have to parse the packet data yourself.

See the link-layer header type page for a list of the values for the network field in the file header and the corresponding format of the headers at the beginning of the packet data.

You need to look at those headers to determine whether the packet is an IP packet; if it is, then you need to parse the IPv4 or IPv6 header (depending on whether the headers indicate that it's an IPv4 or IPv6 packet, or, alternatively, on whether the "version" field in the header is 4 or 6; the "version" field appears in the same location in the IPv4 and IPv6 header. For LINKTYPE_RAW, you would have to look at the "version" field, as there are no headers in front of the IPv4 or IPv6 header) to find the source IP address. See RFC 791 for the form of the IPv4 header; see RFC 2460 for the form of the IPv6 header.

If you want port numbers, you will have to check the "Protocol" field of the IPv4 header, or check the "Next header" field of the IPv6 header and handle extension headers, to determine what protocol is being carried on top of IP. See the IANA Protocol Numbers registry for the values of that field; TCP is 6 and UDP is 17. If the protocol is TCP, see RFC 793 for the format of the TCP header; if the protocol is UDP, see RFC 768 for the format of the UDP header.

Or you might want to use an existing packet parsing library, such as libtrace for C or C++, or other libraries for other languages (I think they may exist for Perl, Python, C#, and Java, for example), as that may let you avoid doing a lot of the above.
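The steps described in the answer, carried out end to end as an added example that is not part of the original answer: read the classic pcap global header to get the link-layer type, strip the link-layer header (Ethernet, or none for LINKTYPE_RAW, where only the version nibble distinguishes IPv4 from IPv6), read the IPv4 "Protocol" or IPv6 "Next header" field while stepping over extension headers, and finally pull the ports from the TCP or UDP header. The two pcap files it parses are constructed in memory (the MAC and IP addresses, ports and timestamps are made-up sample values); the function and constant names are this example's own, not from any library. It also covers two edge cases the answer only hints at: a non-IP frame (ARP) yields no address, and ports are read only from a first fragment, since later fragments do not carry the transport header.

```python
import ipaddress
import struct

# pcap link-layer types and IANA protocol numbers referred to in the answer
LINKTYPE_ETHERNET, LINKTYPE_RAW = 1, 101
ETHERTYPE_IPV4, ETHERTYPE_IPV6 = 0x0800, 0x86DD
PROTO_TCP, PROTO_UDP = 6, 17
IPV6_FRAGMENT = 44
IPV6_EXT_HEADERS = {0, 43, 44, 60}  # Hop-by-Hop, Routing, Fragment, Destination Options


def parse_pcap(data):
    """Return one summary dict per record (None for non-IP packets) of a classic pcap file."""
    if data[:4] == b'\xd4\xc3\xb2\xa1':
        endian = '<'  # written on a little-endian host
    elif data[:4] == b'\xa1\xb2\xc3\xd4':
        endian = '>'
    else:
        raise ValueError('not a classic pcap file (bad magic number)')
    # global header: version major/minor, thiszone, sigfigs, snaplen, network (link-layer type)
    network = struct.unpack(endian + 'HHiIII', data[4:24])[5]
    results, off = [], 24
    while off + 16 <= len(data):
        incl_len = struct.unpack(endian + 'IIII', data[off:off + 16])[2]
        pkt = data[off + 16:off + 16 + incl_len]
        if len(pkt) < incl_len:
            raise ValueError('truncated packet record')
        results.append(parse_packet(network, pkt))
        off += 16 + incl_len
    return results


def parse_packet(network, pkt):
    """Strip the link-layer header selected by the file's network field, then parse IP."""
    if network == LINKTYPE_ETHERNET:
        if len(pkt) < 14:
            return None
        ethertype = struct.unpack('!H', pkt[12:14])[0]
        if ethertype == ETHERTYPE_IPV4:
            return parse_ipv4(pkt[14:])
        if ethertype == ETHERTYPE_IPV6:
            return parse_ipv6(pkt[14:])
        return None  # ARP, LLDP, ...: not an IP packet
    if network == LINKTYPE_RAW:
        # no link-layer header at all: only the version nibble tells IPv4 from IPv6
        version = pkt[0] >> 4 if pkt else 0
        return {4: parse_ipv4, 6: parse_ipv6}.get(version, lambda _: None)(pkt)
    raise ValueError('link-layer type %d not handled here' % network)


def parse_ipv4(ip):
    if len(ip) < 20 or ip[0] >> 4 != 4:
        return None
    ihl = (ip[0] & 0x0F) * 4  # header length in bytes (options included)
    frag_off = struct.unpack('!H', ip[6:8])[0] & 0x1FFF
    rec = {'src': str(ipaddress.IPv4Address(ip[12:16])), 'dst': str(ipaddress.IPv4Address(ip[16:20])),
           'proto': ip[9], 'sport': None, 'dport': None}
    if frag_off == 0:  # ports live only in the first fragment
        rec.update(parse_transport(ip[9], ip[ihl:]))
    return rec


def parse_ipv6(ip):
    if len(ip) < 40 or ip[0] >> 4 != 6:
        return None
    rec = {'src': str(ipaddress.IPv6Address(ip[8:24])), 'dst': str(ipaddress.IPv6Address(ip[24:40])),
           'proto': None, 'sport': None, 'dport': None}
    next_hdr, off, first_fragment = ip[6], 40, True
    while next_hdr in IPV6_EXT_HEADERS and off + 8 <= len(ip):
        if next_hdr == IPV6_FRAGMENT:  # fixed 8 bytes; fragment offset is the top 13 bits of bytes 2-3
            first_fragment = struct.unpack('!H', ip[off + 2:off + 4])[0] >> 3 == 0
            next_hdr, off = ip[off], off + 8
        else:  # length byte counts 8-octet units beyond the first 8 octets
            next_hdr, off = ip[off], off + (ip[off + 1] + 1) * 8
    rec['proto'] = next_hdr
    if first_fragment:
        rec.update(parse_transport(next_hdr, ip[off:]))
    return rec


def parse_transport(proto, payload):
    """Both TCP (RFC 793) and UDP (RFC 768) start with 16-bit source and destination ports."""
    if proto in (PROTO_TCP, PROTO_UDP) and len(payload) >= 4:
        return dict(zip(('sport', 'dport'), struct.unpack('!HH', payload[:4])))
    return {}


def build_pcap(network, *packets):
    """Wrap raw packets in a little-endian classic pcap file (constructed test data)."""
    out = struct.pack('<IHHiIII', 0xA1B2C3D4, 2, 4, 0, 0, 65535, network)
    for i, pkt in enumerate(packets):
        out += struct.pack('<IIII', 1700000000 + i, 0, len(pkt), len(pkt)) + pkt
    return out


# Constructed sample 1: Ethernet file holding an IPv4/TCP packet and an ARP frame
_ETH = bytes(6) + bytes.fromhex('020000000001')  # placeholder MAC addresses
IPV4_TCP = (_ETH + struct.pack('!H', ETHERTYPE_IPV4)
            + struct.pack('!BBHHHBBH4s4s', 0x45, 0, 40, 1, 0, 64, PROTO_TCP, 0,
                          ipaddress.IPv4Address('10.0.0.1').packed, ipaddress.IPv4Address('10.0.0.2').packed)
            + struct.pack('!HH', 40000, 443) + bytes(16))
ARP = _ETH + struct.pack('!H', 0x0806) + bytes(28)
SAMPLE_ETHERNET_PCAP = build_pcap(LINKTYPE_ETHERNET, IPV4_TCP, ARP)

# Constructed sample 2: LINKTYPE_RAW file with IPv6 + Hop-by-Hop extension header + UDP
_HOPBYHOP = bytes([PROTO_UDP, 0, 1, 4, 0, 0, 0, 0])  # next header UDP, length 0 (= 8 bytes), PadN option
IPV6_UDP = (struct.pack('!IHBB16s16s', 6 << 28, 16, 0, 64,
                        ipaddress.IPv6Address('2001:db8::1').packed, ipaddress.IPv6Address('2001:db8::2').packed)
            + _HOPBYHOP + struct.pack('!HHHH', 5353, 53, 8, 0))
SAMPLE_RAW_PCAP = build_pcap(LINKTYPE_RAW, IPV6_UDP)
```

Running `parse_pcap(SAMPLE_ETHERNET_PCAP)` yields the IPv4/TCP five-tuple followed by `None` for the ARP frame; `parse_pcap(SAMPLE_RAW_PCAP)` yields the IPv6 addresses with protocol 17 and the UDP ports, because the loop in `parse_ipv6` walked past the Hop-by-Hop header instead of reporting 0 as the protocol. Only the classic pcap format is handled; a pcapng file has a different container layout and starts with a different magic number, so it is rejected up front rather than misparsed.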