How to Capture Raw Packets (no Decode) with PCAP
I am trying to Capture a Packet on linux using
libpcap. I see that If I use 'pcap_next' to receive
the packet, PCAP actually decodes the packet into certain data
structures and returns a pointer to these structure.
Is there a way I can capture the entire packet as an
undecoded stream of octets ie., as a HEX array?
I dont want PCAP to decode the packet for me. If
this is not possible, is there a routine to convert
the decoded packet (Packet in structures as returned
by pcap) and convert it into a HEX array?
OR, is there a better way of capturing RAW packets (Complete packets as a stream of octets) on Linux?
In the structture you get there is an array, in fact. The packet is passed to you as it was captured. Pcap only adds a small number of info that's really needed and couldn't be taken from the packet directly: time it arrived and it's length (full and captured, they may not match each other and they may not be correct, ebcause broken packets happen).
Another option you have is raw sockets interface, look into packet manual (man 7 packet).
|All times are GMT -5. The time now is 08:47 PM.|