n1mda

Hello fellows.

I'm writing an application for iPhone (using objective-c) but as I want it to parse a pcap file (packet dump) I thought of writing that part in strict C.

The thing is, I'm not really sure how to do this. I've googled for resources but have yet to find anything.

I have to parse the contents of a pcap dump file so that I can add each packets to a table that I've already set up.

Do you have any resources of small snippets on how to successfully parse a pcap file?

Regards,
n1mda

Salem

Why do you want to decode a pcap file on an iPhone?

How did the pcap file get there in the first place?

__________________
If you dance barefoot on the broken glass of undefined behaviour, you've got to expect the occasional cut.

n1mda

It's supposed to be a packet analyzer on the go, and it is also possible (for jailbroken devices) to sniff and collect packets.

The thing is that since this app should enter the appstore, I can not use libpcap, so I have to code my own functions.

itCbitC

libpcap makes extensive use of the dlpi() APIs; not sure if iPhone has support for them though you can browse its source for some pointers.

n1mda

I've gone over the parts of the sourcecode from libpcap that I want, but it is still really huge with a lot of structs and other things I don't really need. I simply want to open a pcap dump and print it's content using the given structure (timestamp, caplen and len)

This shouldn't be to hard but as still quite a novice and an idiot when it comes to logics I could need some advice and hints.

pcap_fopen_offline() is the function I want to reconstruct but it contain's a lot of info that makes no sense to me.

n1mda

I still need help with this, does anyone have any information?

quzah

I'm pretty sure no one here feels like writing their own version of libpcap. Programming with pcap


Quzah.

__________________
Hundreds of thousands of dipshits can't be wrong.


Are you up for the suck?

n1mda

Oh don't get me wrong, I don't want someone to write it for me. Definitly not, I'm probably capable of doing it myself. Just wanted to see if someone already wrote a small wrapper that handles offline file controlling.

neandrake

So you're just looking to read data from a file and display it? This problem is not specific to (lib)pcap, rather to file I/O. Learn the format which the data is stored in and parse it.

http://www.cprogramming.com/tutorial/c/lesson10.html

__________________

AIM: Neandrake
EMAIL: nta0 @ yahoo . com
Operating System: Windows XP SP2
Compiler: GCC
IDE: Notepad++

Don't give up your freedom to think - www.cognitiveliberty.org

n1mda

Thank you for the tip!
I've started out and it's actually coming along pretty well, I have so far been able to read the header of the dump file and can parse that pretty easy.

I'll post some code later if I run in to any problems or when I think it's finished, so you guys perhaps could take a look and clean it up Data and memory management is pretty important, since pcapfiles could end up to be quite a lot of data, but the iPhone only has about 25Mb RAM to work with, which includes my gui.