[Winpcap-users] Lib that analyse a pcap dump file

Loris Degioanni loris.degioanni at cacetech.com
Thu Sep 7 15:58:59 GMT 2006


Thai Pham Vinh wrote:

> Hi David,
> 
> I know winpcap and libpcap. I have to parse the packets myself if I base the
> application on winpcap/libpcap. I think someone has developed libraries that
> provide the parsing/analysing functions on the winpcap/libpcap dump files.

Wireshark, as far as I know, has all the dissectors in a library called 
(in Windows) libwireshark.dll. It's GPLd (so you have to release the 
source of your program if you use it), its interface is documented not 
to be stable, it's super-powerful and complete, but its size in the last 
Wireshark version is more than 30MB.

If it's too much, I normally find the tcpdump/WinDump source code a good 
reference for protocol dissectors. It's much smaller and easier to manage. 
It's not in the form of a library, however.

Loris


> Thanks for your information,
> Thai.
> 
> On Wed, 6 Sep 2006 22:55:01 -0700, David Chang wrote
>> Thai,
>>
>> If you wish to write a C program, you can use Winpcap (Windows platform) or 
>> Libpcap (Unix platform) which is what tcpdump (and many other sniffers) is 
>> based on.  Libpcap can be found at www.tcpdump.org.  Winpcap can be found at 
>> www.winpcap.org.
>>
>> DC
>>
>> ----- Original Message ----- 
>> From: "Thai Pham Vinh" <pvthai at tma.com.vn>
>> To: <winpcap-users at winpcap.org>
>> Sent: Wednesday, September 06, 2006 5:47 PM
>> Subject: Re: [Winpcap-users] Lib that analyse a pcap dump file
>>
>>> Hi David,
>>>
>>> As far as I know, Ethereal is a kind of application. Does it provide some 
>>> function calls? I haven't tried wireshark. Is it a kind of library?
>>>
>>> Thanks,
>>> Thai.
>>>
>>> On Wed, 6 Sep 2006 17:24:07 -0700, David Chang wrote
>>>> Have you tried ethereal or wireshark?
>>>>
>>>> DC
>>>>
>>>> ----- Original Message ----- 
>>>> From: "Thai Pham Vinh" <pvthai at tma.com.vn>
>>>> To: <winpcap-users at winpcap.org>
>>>> Sent: Wednesday, September 06, 2006 4:51 PM
>>>> Subject: [Winpcap-users] Lib that analyse a pcap dump file
>>>>
>>>>> Dear all,
>>>>>
>>>>> Do we have any libraries that provide some functions like sniffing the
>>>>> packets and analyzing them? Could you guys tell me where they are if you
>>>>> know any of them? I need a lib like this because right now I have a small
>>>>> application. It uses TCL/Expect to load a tcpdump process and then parse
>>>>> the output. I think such a lib would be much faster than using Expect.
>>>>>
>>>>> Thanks,
>>>>> Thai.
>>>>>
>>>>> --
>>>>>
>>>>> _______________________________________________
>>>>> Winpcap-users mailing list
>>>>> Winpcap-users at winpcap.org
>>>>> https://www.winpcap.org/mailman/listinfo/winpcap-users
>>>>>
>>>
>>>
> 
> 
> 
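
Added example (not part of the original thread, and not code from tcpdump, WinDump or Wireshark): what "parsing the packets myself" involves for a classic pcap dump file, walking the 24-byte file header and 16-byte record headers and bounds-checking every length before looking at Ethernet/IPv4 fields. The names count_tcp, rd32 and SAMPLE are hypothetical, the capture bytes are constructed, and only linktype 1 (Ethernet) is handled.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: one Ethernet/IPv4/TCP frame captured with snaplen 34. */
static const uint8_t SAMPLE[] = {
    0xd4,0xc3,0xb2,0xa1, 2,0, 4,0, 0,0,0,0, 0,0,0,0, 34,0,0,0, 1,0,0,0, /* file header */
    0,0,0,0, 0,0,0,0, 34,0,0,0, 54,0,0,0,      /* record: incl_len 34, orig_len 54 */
    2,0,0,0,0,2, 2,0,0,0,0,1, 0x08,0x00,       /* Ethernet, ethertype IPv4 */
    0x45,0, 0,40, 0,0, 0,0, 64, 6, 0,0, 10,0,0,1, 10,0,0,2  /* IPv4, protocol 6 */
};

/* Read a 32-bit header field; be != 0 when the file was written big-endian. */
static uint32_t rd32(const uint8_t *p, int be) {
    uint32_t v = 0;
    for (int i = 0; i < 4; i++)
        v = (v << 8) | p[be ? i : 3 - i];
    return v;
}

/* Walk a classic pcap image; return the IPv4/TCP frame count, or -1 if malformed. */
long count_tcp(const uint8_t *buf, size_t len) {
    int be;
    long tcp = 0;
    size_t off = 24;                              /* global header is 24 bytes */
    if (len < 24) return -1;
    if (rd32(buf, 0) == 0xa1b2c3d4u) be = 0;
    else if (rd32(buf, 1) == 0xa1b2c3d4u) be = 1;
    else return -1;                               /* unknown magic number */
    if (rd32(buf + 20, be) != 1) return -1;       /* only linktype 1 (Ethernet) */
    while (off < len) {
        if (len - off < 16) return -1;            /* truncated record header */
        uint32_t incl = rd32(buf + off + 8, be);  /* bytes stored for this packet */
        off += 16;
        if (incl > len - off) return -1;          /* length field exceeds the file */
        const uint8_t *p = buf + off;
        /* Need Ethernet (14) + minimal IPv4 header (20) before reading fields. */
        if (incl >= 34 && p[12] == 0x08 && p[13] == 0x00 &&
            (p[14] >> 4) == 4 && p[23] == 6)      /* IPv4, protocol 6 = TCP */
            tcp++;
        off += incl;
    }
    return tcp;
}

int main(void) {
    printf("TCP frames: %ld\n", count_tcp(SAMPLE, sizeof SAMPLE));
    return 0;
}
```

The two length checks inside the loop are what keep a truncated or hostile dump file from driving reads past the end of the buffer.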

