On Mon, Mar 9, 2009 at 12:14 PM, Ulisses Araújo Costa
<ulissesaraujocosta@xxxxxxxxx> wrote:
> Hello,
>
> I'm doing a project where I need to parse some packets (HTTP and some
> protocols for databases).
> I start doing this using the tcpdump library, and after that start to
> parse all the nested packets like that:
>
> Ethernet -> TCP/UDP -> IPv4/IPv6 -> Application packet
>
> I've done part of this job using the Haskell programming language, the
> problem is to start obtain information about the relation of the
> packets (like temporal relation, or others). I see that wireshark
> already does that job. And in fact parse all the data from one packet,
> and have a great pretty printer.
>
> I start to read manuals for developers, and unfortunately did not find
> anything that really help me.
>
> My question is: Could you show to me a simple program that take a
> input tcpdump file (Coud also be in Online mode), and just return the
> structure of the parsed packets?
I don't believe that this is possible today.
I am working on a new library that might make it possible and will
have SWIG interfaces for a number of scripting languages (whatever
SWIG supports) but it is in the early stages at the moment. It
supports the concept of parse tables that you can install at runtime.
--
Regards,
Richard Sharpe
