Hello fellows.
I'm writing an application for iPhone (using objective-c) but as I want it to parse a pcap file (packet dump) I thought of writing that part in strict C.
The thing is, I'm not really sure how to do this. I've googled for resources but have yet to find anything.
I have to parse the contents of a pcap dump file so that I can add each packets to a table that I've already set up.
Do you have any resources of small snippets on how to successfully parse a pcap file?
Regards,
n1mda
Why do you want to decode a pcap file on an iPhone?
How did the pcap file get there in the first place?
If you dance barefoot on the broken glass of undefined behaviour, you've got to expect the occasional cut.
If at first you don't succeed, try writing your phone number on the exam paper.
It's supposed to be a packet analyzer on the go, and it is also possible (for jailbroken devices) to sniff and collect packets.
The thing is that since this app should enter the appstore, I can not use libpcap, so I have to code my own functions.
libpcap makes extensive use of the dlpi() APIs; not sure if iPhone has support for them though you can browse its source for some pointers.
I've gone over the parts of the sourcecode from libpcap that I want, but it is still really huge with a lot of structs and other things I don't really need. I simply want to open a pcap dump and print it's content using the given structure (timestamp, caplen and len)
This shouldn't be to hard but as still quite a novice and an idiot when it comes to logics I could need some advice and hints.
pcap_fopen_offline() is the function I want to reconstruct but it contain's a lot of info that makes no sense to me.
I still need help with this, does anyone have any information?
I'm pretty sure no one here feels like writing their own version of libpcap. Programming with pcap
Quzah.
Hope is the first step on the road to disappointment.
Oh don't get me wrong, I don't want someone to write it for me. Definitly not, I'm probably capable of doing it myself. Just wanted to see if someone already wrote a small wrapper that handles offline file controlling.
So you're just looking to read data from a file and display it? This problem is not specific to (lib)pcap, rather to file I/O. Learn the format which the data is stored in and parse it.
http://www.cprogramming.com/tutorial/c/lesson10.html
Environment: OS X, GCC / G++
Codes: Java, C#, C/C++
AOL IM: neandrake, Email: neandrake (at) gmail (dot) com
Thank you for the tip!
I've started out and it's actually coming along pretty well, I have so far been able to read the header of the dump file and can parse that pretty easy.
I'll post some code later if I run in to any problems or when I think it's finished, so you guys perhaps could take a look and clean it upData and memory management is pretty important, since pcapfiles could end up to be quite a lot of data, but the iPhone only has about 25Mb RAM to work with, which includes my gui.
