[Winpcap-users] Re: filtering traffic using payload contents

Ramiro Polla ramiro86 at hotmail.com
Wed Apr 19 14:28:21 GMT 2006


Hello,

First you must remember that the string you're looking for might be divided 
between packets, because winpcap does not reconstruct streams.

After you have a packet (probably with pcap_next_ex), look at the examples 
in winpcap's documentation that show how to get the TCP or UDP information, 
and pass that data to a function that searches for what you're looking for. If 
the string is found, capture it.

That function might be something like:

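#include <string.h>   /* memcmp */

#ifndef TRUE          /* normally supplied by <windows.h> */
#define TRUE  1
#define FALSE 0
#endif

int look_for_string( const char* data, int len )
{
int i;
const char search_string[] = "look for this string";
int slen = (int)sizeof(search_string) - 1; /* sizeof counts the trailing NUL */
if( len < slen )
  return FALSE;
/* memcmp, not strcmp: packet data is not NUL-terminated */
for( i = 0 ; i <= ( len - slen ) ; i++ )
{
  if( !memcmp( data+i, search_string, slen ) )
   return TRUE;
}
return FALSE;
}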

>From: joe kibz <chikabanga2005 at yahoo.com>
>Reply-To: winpcap-users at winpcap.org
>To: winpcap-users at winpcap.org
>Subject: [Winpcap-users] Re: filtering traffic using payload contents
>Date: Wed, 19 Apr 2006 06:59:02 -0700 (PDT)
>
>Hi, I gotta problem;
>
>   My application needs to:
>     - capture traffic
>     - look for given string in payload contents*
>     - capture packets that have given string in payload
>
>   My question is how do you -** look for given string in payload contents** ?
>
>
>   joe
>
>


>_______________________________________________
>Winpcap-users mailing list
>Winpcap-users at winpcap.org
>https://www.winpcap.org/mailman/listinfo/winpcap-users
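The reply's first point, that the string may be divided between packets, can be handled by keeping the last (pattern length - 1) bytes of each payload and searching them together with the start of the next one. The following is an added example, not code from the original message or from WinPcap; the names stream_search, stream_search_init, stream_search_feed and MAX_PAT are hypothetical, and it assumes the payloads of one connection are fed in sequence order (lost, reordered or retransmitted segments need real reassembly).

```c
#include <string.h>

#define MAX_PAT 64  /* longest supported pattern (assumption of this example) */

/* Per-connection search state; hypothetical type, not part of WinPcap. */
struct stream_search {
    const unsigned char *pat;
    size_t plen;
    unsigned char tail[MAX_PAT - 1];  /* last plen-1 bytes already seen */
    size_t tail_len;
};

static int find(const unsigned char *b, size_t n, const unsigned char *p, size_t pl)
{
    size_t i;
    for (i = 0; i + pl <= n; i++)
        if (memcmp(b + i, p, pl) == 0) return 1;
    return 0;
}

int stream_search_init(struct stream_search *s, const char *pat)
{
    s->pat = (const unsigned char *)pat;
    s->plen = strlen(pat);
    s->tail_len = 0;
    return (s->plen >= 1 && s->plen <= MAX_PAT) ? 0 : -1;
}

/* Feed the next in-order payload; returns 1 if a match ends inside it. */
int stream_search_feed(struct stream_search *s, const void *data, size_t n)
{
    const unsigned char *d = data;
    unsigned char join[2 * (MAX_PAT - 1)];
    size_t keep = s->plen - 1, head = n < keep ? n : keep, total;
    int hit = find(d, n, s->pat, s->plen);       /* match inside this payload */

    memcpy(join, s->tail, s->tail_len);          /* saved tail + payload start */
    memcpy(join + s->tail_len, d, head);
    total = s->tail_len + head;
    if (!hit) hit = find(join, total, s->pat, s->plen);  /* match across boundary */
    if (n >= keep) {                             /* new tail: last plen-1 bytes */
        memcpy(s->tail, d + n - keep, keep);
        s->tail_len = keep;
    } else {
        s->tail_len = total > keep ? keep : total;
        memcpy(s->tail, join + total - s->tail_len, s->tail_len);
    }
    return hit;
}
```

Keep one stream_search per connection and direction, and call stream_search_feed on the TCP payload of each packet returned by pcap_next_ex.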
