How to listen and get TCP/UDP content?

Time:02-22

I need to monitor front-end ports for custom-protocol messages carried over TCP/UDP. Parts of these messages are filtered out and saved to a file, so I need to analyze the TCP/UDP content. dumpcap can capture packets in pcap_t format, but how do I get the content of a specific TCP/UDP packet?

Some people say (https://stackoverflow.com/questions/26699631/what-structure-pcap-t-have):
 pcap_t is to be treated as an opaque handle. You are not supposed to access any of its members. Once created, you only pass it to the other functions pcap provides.


Some say:
struct pcap {
    int fd;
    int snapshot;
    int linktype;
    int tzoff;      /* timezone offset */
    int offset;     /* offset for the proper alignment */

    struct pcap_sf sf;
    struct pcap_md md;

    /*
     * Read buffer.
     */
    int bufsize;
    u_char *buffer;
    u_char *bp;
    int cc;

    /*
     * Place holder for pcap_next().
     */
    u_char *pkt;

    /*
     * Placeholder for the filter code if BPF not in the kernel.
     */
    struct bpf_program fcode;

    char errbuf[PCAP_ERRBUF_SIZE];
};


Given this struct, is the content in the memory that buffer points to? Is that content the corresponding Ethernet frames, or some other format?

If not, what other way is there to get the complete TCP/UDP content?
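An added example, not part of the original post: libpcap hands each captured packet to the program as raw link-layer bytes plus a captured length (the callback arguments of pcap_loop(), or the outputs of pcap_next_ex()), so the pcap_t internals are never read and the TCP/UDP content is found by walking the headers. The names extract_l4_payload, l4_payload and SAMPLE_UDP are hypothetical. The code assumes Ethernet II framing (DLT_EN10MB) carrying IPv4 without VLAN tags, and rejects IP fragments instead of reassembling them.

```c
#include <stdint.h>
#include <stdio.h>

struct l4_payload {            /* hypothetical result type for this example */
    uint8_t proto;             /* 6 = TCP, 17 = UDP */
    uint16_t sport, dport;
    const uint8_t *data;       /* points into the caller's frame buffer */
    size_t len;
};

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* frame/caplen: the bytes and caplen a libpcap callback receives (DLT_EN10MB).
 * Returns 0 and fills *out, or -1 if truncated, fragmented or not IPv4 TCP/UDP. */
int extract_l4_payload(const uint8_t *frame, size_t caplen, struct l4_payload *out)
{
    if (caplen < 14 + 20 || be16(frame + 12) != 0x0800) return -1; /* EtherType IPv4 */
    const uint8_t *ip = frame + 14;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4, total = be16(ip + 2);
    if ((ip[0] >> 4) != 4 || ihl < 20 || total < ihl) return -1;
    if (14 + total > caplen) return -1;       /* snaplen cut the packet short */
    if (be16(ip + 6) & 0x3fff) return -1;     /* IP fragment: needs reassembly */
    const uint8_t *l4 = ip + ihl;
    size_t l4_len = total - ihl, hdr = 8;     /* total excludes Ethernet padding */
    if (ip[9] == 6) {                         /* TCP: header length is the data offset */
        if (l4_len < 20) return -1;
        hdr = (size_t)(l4[12] >> 4) * 4;
        if (hdr < 20 || hdr > l4_len) return -1;
    } else if (ip[9] == 17) {                 /* UDP: fixed 8-byte header */
        if (l4_len < 8 || be16(l4 + 4) < 8 || be16(l4 + 4) > l4_len) return -1;
        l4_len = be16(l4 + 4);
    } else return -1;
    out->proto = ip[9]; out->sport = be16(l4); out->dport = be16(l4 + 2);
    out->data = l4 + hdr; out->len = l4_len - hdr;
    return 0;
}

/* Constructed sample: UDP 192.0.2.1:5000 -> 192.0.2.2:5001, payload "hello",
 * zero-padded to the 60-byte Ethernet minimum; checksums left as 0. */
static const uint8_t SAMPLE_UDP[60] = {
    2,0,0,0,0,2, 2,0,0,0,0,1, 0x08,0x00,
    0x45,0,0,33, 0,1,0,0, 64,17,0,0, 192,0,2,1, 192,0,2,2,
    0x13,0x88,0x13,0x89, 0,13,0,0, 'h','e','l','l','o' };

int main(void)
{
    struct l4_payload p;
    if (extract_l4_payload(SAMPLE_UDP, sizeof SAMPLE_UDP, &p)) return 1;
    return printf("proto %u %u->%u: %.*s\n", p.proto, p.sport, p.dport, (int)p.len, (const char *)p.data) < 0;
}
```

For TCP, each call yields the payload of one segment only; a custom-protocol message can span several segments, so the saved bytes have to be ordered by sequence number before message boundaries are parsed.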