How to Capture Raw Packets (no Decode) with PCAP
Hello,
I am trying to capture a packet on Linux using libpcap. I see that if I use 'pcap_next' to receive the packet, PCAP actually decodes the packet into certain data structures and returns a pointer to these structures. Is there a way I can capture the entire packet as an undecoded stream of octets, i.e., as a HEX array? I don't want PCAP to decode the packet for me. If this is not possible, is there a routine to convert the decoded packet (packet in structures as returned by pcap) into a HEX array? Or is there a better way of capturing RAW packets (complete packets as a stream of octets) on Linux? Thanks, Kidskc
In the structure you get there is an array, in fact. The packet is passed to you as it was captured. Pcap only adds a small amount of info that's really needed and couldn't be taken from the packet directly: the time it arrived and its length (full and captured; they may not match each other and they may not be correct, because broken packets happen).
Another option you have is the raw sockets interface; look into the packet manual (man 7 packet).
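The raw-socket route mentioned in the reply above, as an added example that is not part of the original thread: it reads one link-layer frame from an AF_PACKET socket as plain octets and prints it as hex, tracking captured versus on-wire length the same way pcap's header does. It is Linux-only and needs CAP_NET_RAW (or root) to open the socket; the helper names `octets_to_hex` and `capture_one` are made up for this sketch.

```c
#include <arpa/inet.h>      /* htons */
#include <net/ethernet.h>   /* ETH_P_ALL */
#include <stdio.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Encode up to caplen octets of pkt as lowercase hex into out (NUL-terminated).
 * Stops early rather than overrun out; returns the number of octets encoded. */
size_t octets_to_hex(const unsigned char *pkt, size_t caplen,
                     char *out, size_t outsz)
{
    static const char digits[] = "0123456789abcdef";
    size_t n = 0;
    if (outsz == 0)
        return 0;
    while (n < caplen && 2 * n + 2 < outsz) {
        out[2 * n]     = digits[pkt[n] >> 4];
        out[2 * n + 1] = digits[pkt[n] & 0x0f];
        n++;
    }
    out[2 * n] = '\0';
    return n;
}

/* Receive one frame into buf. MSG_TRUNC makes recvfrom() report the frame's
 * real length even when it did not fit, so both lengths are known.
 * Returns the captured length, stores the wire length, or -1 on error. */
ssize_t capture_one(int fd, unsigned char *buf, size_t bufsz, size_t *wire_len)
{
    ssize_t got = recvfrom(fd, buf, bufsz, MSG_TRUNC, NULL, NULL);
    if (got < 0)
        return -1;
    *wire_len = (size_t)got;
    return (size_t)got > bufsz ? (ssize_t)bufsz : got;
}

int main(void)
{
    unsigned char frame[2048];
    char hex[2 * sizeof frame + 1];
    size_t wire_len;
    int fd = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL)); /* all protocols */
    if (fd < 0) { perror("socket(AF_PACKET)"); return 1; }
    ssize_t caplen = capture_one(fd, frame, sizeof frame, &wire_len);
    if (caplen < 0) { perror("recvfrom"); close(fd); return 1; }
    octets_to_hex(frame, (size_t)caplen, hex, sizeof hex);
    printf("captured %zd of %zu octets\n%s\n", caplen, wire_len, hex);
    close(fd);
    return 0;
}
```

The same `octets_to_hex` call works unchanged on the pointer returned by `pcap_next`, passing the header's `caplen` as the length.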