This is an example of C code used to read in a pcap file (as output by tcpdump or Wireshark) with the pcap library. This code is only tested to work on my system (OS X 10.5 and gcc), so let me know if it doesn’t work on yours.
To use it, install the pcap libraries on your system and compile with the “-lpcap” switch. The program’s command-line arguments are a list of pcap files to read in. It keeps track of simple byte counts and traffic volume, and illustrates the use of pcap_next and how to access the data in the packet (in this case, to get at the IP header).
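The "get at the IP header" step is where a capture reader most easily reads out of bounds, so here is an added example (not the original program's code) of that step with every offset checked against the captured length that pcap_next reports in `struct pcap_pkthdr` as `caplen`. It is written without libpcap calls so it runs on its own: `parse_ipv4`, `struct ipv4_info` and `sample_frame` are hypothetical names, the sample bytes are constructed, and the link type is assumed to be Ethernet (DLT_EN10MB) with no VLAN tag.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical result struct for this example; addresses in host byte order. */
struct ipv4_info { uint8_t protocol, hdr_len; uint16_t total_len; uint32_t src, dst; };

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t be32(const uint8_t *p) { return ((uint32_t)be16(p) << 16) | be16(p + 2); }

/* Parse the IPv4 header of one captured Ethernet frame without reading past caplen.
 * Returns 0 on success; -1 short Ethernet header, -2 not IPv4, -3 short IP header,
 * -4 malformed version/IHL/total length, -5 IP options cut off by the snapshot length. */
int parse_ipv4(const uint8_t *pkt, size_t caplen, struct ipv4_info *out)
{
    const size_t eth_hlen = 14;                  /* assumption: DLT_EN10MB, no VLAN tag */
    if (!pkt || !out || caplen < eth_hlen) return -1;
    if (be16(pkt + 12) != 0x0800) return -2;     /* EtherType for IPv4 */
    size_t avail = caplen - eth_hlen;            /* bytes actually captured after Ethernet */
    if (avail < 20) return -3;
    const uint8_t *ip = pkt + eth_hlen;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;     /* length field from the packet: untrusted */
    if ((ip[0] >> 4) != 4 || ihl < 20 || be16(ip + 2) < ihl) return -4;
    if (ihl > avail) return -5;
    out->hdr_len = (uint8_t)ihl;
    out->total_len = be16(ip + 2);
    out->protocol = ip[9];
    out->src = be32(ip + 12);
    out->dst = be32(ip + 16);
    return 0;
}

/* Constructed sample frame: Ethernet + IPv4 header, 192.0.2.1 -> 198.51.100.7, TCP. */
static const uint8_t sample_frame[34] = {
    0x02,0,0,0,0,0x01, 0x02,0,0,0,0,0x02, 0x08,0x00,               /* MACs, EtherType */
    0x45,0x00,0x00,0x28, 0x00,0x01,0x40,0x00, 0x40,0x06,0x00,0x00, /* ver/IHL .. checksum (unset) */
    192,0,2,1, 198,51,100,7                                        /* source, destination */
};

int main(void)
{
    struct ipv4_info h = {0};
    int rc = parse_ipv4(sample_frame, sizeof sample_frame, &h);
    printf("full frame: rc=%d proto=%u total_len=%u\n", rc, h.protocol, h.total_len);
    printf("caplen 20:  rc=%d\n", parse_ipv4(sample_frame, 20, &h));
    return 0;
}
```

In a libpcap loop, pass the pointer returned by pcap_next and the header's `caplen` (not `len`, which is the on-the-wire size and can exceed what was captured).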
try this:
http://inst.eecs.berkeley.edu/~ee122/fa07/projects/p2files/packet_parser.c
or this: