[Winpcap-users] how can I get protocol (e.g. HTTP) within TCPpacket, and HTTP fields?

Gianluca Varenni gianluca.varenni at cacetech.com
Thu Jul 15 18:47:04 PDT 2010



--------------------------------------------------
From: "Greg Hauptmann" <greg.hauptmann.ruby at gmail.com>
Sent: Wednesday, July 14, 2010 11:38 PM
To: <winpcap-users at winpcap.org>
Subject: [Winpcap-users] how can I get protocol (e.g. HTTP) within TCPpacket, and HTTP fields?

> Hi,
>
> As background, I want to be able to, within a capture, access:
> * what is the protocol within the TCP packets, e.g. HTTP?
> (specifically I'm after filtering on web traffic)
> * what is the Length of the HTTP part
>
> Q1 - Does WinPCap support getting this?

WinPcap provides you the TCP packets. It doesn't provide any code to 
reconstruct the original TCP stream and parse the HTTP headers.

> Q2 - If no, any recommendations re how to?

I would have a look at how Wireshark (or snort) does that.

Have a nice day
GV

>
>
> thanks
> _______________________________________________
> Winpcap-users mailing list
> Winpcap-users at winpcap.org
> https://www.winpcap.org/mailman/listinfo/winpcap-users 
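
The following C example is added here and is not from the thread or from WinPcap: it takes one captured Ethernet/IPv4/TCP frame, as a capture callback would receive it, locates the TCP payload, and reports its length when the payload begins an HTTP/1.x message. It does no stream reassembly, so only the segment that starts a message is recognised; the function names and the sample frame are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: Ethernet + IPv4 + TCP (port 49152 -> 80) + "GET / HTTP/1.1\r\n\r\n" */
static const uint8_t SAMPLE_FRAME[] = {
    0,0,0,0,0,2, 0,0,0,0,0,1, 0x08,0x00,                            /* Ethernet, type IPv4 */
    0x45,0,0,0x3a, 0,0,0x40,0, 0x40,6,0,0, 192,0,2,1, 192,0,2,2,    /* IPv4, total len 58 */
    0xc0,0x00,0,80, 0,0,0,1, 0,0,0,1, 0x50,0x18,0xff,0xff, 0,0,0,0, /* TCP, 20-byte header */
    'G','E','T',' ','/',' ','H','T','T','P','/','1','.','1','\r','\n','\r','\n'
};

/* Sets *payload and returns the TCP payload length; -1 if not IPv4/TCP or truncated. */
static int tcp_payload(const uint8_t *f, size_t caplen, const uint8_t **payload)
{
    if (caplen < 14 + 20 || f[12] != 0x08 || f[13] != 0x00) return -1;
    const uint8_t *ip = f + 14;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;          /* IP header length in bytes */
    size_t tot = ((size_t)ip[2] << 8) | ip[3];        /* IP total length */
    if ((ip[0] >> 4) != 4 || ihl < 20 || ip[9] != 6) return -1;  /* protocol 6 = TCP */
    if (tot < ihl + 20 || 14 + tot > caplen) return -1;          /* truncated capture */
    if (((ip[6] & 0x1f) << 8 | ip[7]) != 0) return -1; /* later fragment: no TCP header */
    const uint8_t *tcp = ip + ihl;
    size_t doff = (size_t)(tcp[12] >> 4) * 4;         /* TCP header length in bytes */
    if (doff < 20 || ihl + doff > tot) return -1;
    *payload = tcp + doff;
    return (int)(tot - ihl - doff);
}

/* Heuristic: does this segment begin an HTTP/1.x request or response? */
static int looks_like_http(const uint8_t *p, int len)
{
    static const char *starts[] = { "GET ", "POST ", "HEAD ", "PUT ", "DELETE ",
                                    "OPTIONS ", "HTTP/1." };
    for (size_t i = 0; i < sizeof starts / sizeof starts[0]; i++) {
        size_t n = strlen(starts[i]);
        if (len >= (int)n && memcmp(p, starts[i], n) == 0) return 1;
    }
    return 0;
}

/* HTTP bytes in this one frame: payload length if HTTP starts here, 0 if not, -1 if not TCP. */
int http_bytes_in_frame(const uint8_t *frame, size_t caplen)
{
    const uint8_t *p = NULL;
    int len = tcp_payload(frame, caplen, &p);
    return len <= 0 ? len : (looks_like_http(p, len) ? len : 0);
}

int main(void) { printf("%d\n", http_bytes_in_frame(SAMPLE_FRAME, sizeof SAMPLE_FRAME)); return 0; }
```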


