Published at LXer:
In the
first part of the libpcap series a rudimentry packet reader (or sniffer) was built which could read and print tcp/ip traffic on a particular interface. In the second text a look at some simple checks of the data itself, adding options like
interface selection,
libpcap filter options and
verbosity levels. Some of the checks included are:
- IP Packet Truncation
- IP Header Length
- Ethernet Header Length
The filter options are eventually passed exactly like tcpdump using the tcpdump argv vector copy.
Text
Read More...