Where can I find a file/struct layout for a tcpdump() file?
https://stackoverflow.com/questions/2908726
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
We are capturing packets to a file using tcpdump(). I need to write a program to parse it, does anyone know where I could find a file layout for a dump file created by this tool?
Solution
tcpdump uses libpcap; there are docs describing the libpcap file format which should give you what you need.
OTHER TIPS
The easiest way to parse the file is to read it with libpcap; libpcap can be used directly from C and C++, and there are wrappers for a number of other languages. That way you don't have to know what the file layout is (and you will also be able to read at least some pcap-ng files if your program is using libpcap 1.1 or later).
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
