[Winpcap-users] Packet random access using file seek
Pat Marion
pat.marion at kitware.com
Mon Apr 22 03:51:27 PDT 2013
Hi,
I am using libpcap on macosx/linux and winpcap for Windows targets. My
application reads packets stored in save files using the functions:
pcap_open_offline()
pcap_next_ex()
pcap_close()
I am trying to implement packet random access, for example, open the file
and read packets 100 thru 200. My strategy has been to open the file once
and loop over each packet, and record the file position of certain packets
of interest using ftell. Later, I can skip directly to these packets using
fseek. (actually, my code uses fgetpos/fsetpos for large file support)
I found that my code works on macosx and linux but not Windows. I found
winpcap documentation that says pcap_file() is deprecated in
winpcap<http://www.winpcap.org/docs/docs_412/html/group__wpcapfunc.html#ga4c9f5690b99fb2af1f8904403f7da06b>,
so I switched to use pcap_fopen_offline() and pass my own file pointer.
This works, but seeking on the file pointer using ftell/fseek does not
work. For example, on linux ftell() will return the offset 24 after
pcap_fopen_offline(), while on Windows the returned file offset is 4096.
So it appears that my plan to use file seeking may not be possible on
Windows. I am using the winpcap 4.1.2 development package and dll.
Gianluca, I found a relevant email thread here:
http://www.winpcap.org/pipermail/winpcap-users/2011-January/004242.html
It seems that you were prepared to go into some more detail, but then the
thread ended before you did so :-) Do you have any advice? Is there a
technique I could use to seek to packets of interest in a save file?
Cheers,
Pat
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.winpcap.org/pipermail/winpcap-users/attachments/20130422/7f42e9ec/attachment.html>
More information about the Winpcap-users
mailing list