Hi, I am Rishi, studying at Loughborough University, UK. I have a project where I have to use the libtrace library to get the standard 5-tuple values (source and destination address, source and destination port, and the sequence no.) for determining the flows in a pcap file I have been provided; it is a passive analysis of packets. I have all those 5 tuples with me, and I have used struct sockaddr and struct sockaddr_in for getting the source address, whereas I have used sa_data for getting the destination address; getting the port and sequence no. is not tough using the libtrace library.

I am new to Linux, for the first thing, and I haven't used socket programming before; I'm a newbie. What I want to do in order to determine the flows in the packet is to compare all the 5-tuple values of the packet so that I am able to distinguish the flows later into incoming and outgoing flows, but I don't know how to make the pointer point at the next source and destination address and also the port nos. I would be really obliged if anyone can help me with this.

Thanks and Regards
Rishi.
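
An added example, not part of the original post and not libtrace code: one way to group packets into bidirectional flows by comparing each packet's tuple against the flows already seen, in both directions. It assumes the fields of the hypothetical struct pkt have already been read from each packet by the capture library, and it keys on the IP protocol number rather than the sequence number, because the sequence number changes with every segment; all names and sample values are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* One packet's flow fields (hypothetical struct); in a real program these are
 * filled per packet by the capture library. IPv4 addresses, host byte order. */
struct pkt { uint32_t src, dst; uint16_t sport, dport; uint8_t proto; };

/* One bidirectional flow. The first packet seen fixes the "forward" side. */
struct flow { struct pkt key; unsigned fwd, rev; };

#define MAX_FLOWS 1024
static struct flow flows[MAX_FLOWS];
static int nflows;

static int same_dir(const struct pkt *a, const struct pkt *b) {
    return a->proto == b->proto && a->src == b->src && a->dst == b->dst &&
           a->sport == b->sport && a->dport == b->dport;
}
static int reverse_dir(const struct pkt *a, const struct pkt *b) {
    return a->proto == b->proto && a->src == b->dst && a->dst == b->src &&
           a->sport == b->dport && a->dport == b->sport;
}

/* Returns the flow index for p, creating a flow if needed; -1 if table full. */
int flow_update(const struct pkt *p) {
    for (int i = 0; i < nflows; i++) {
        if (same_dir(&flows[i].key, p))    { flows[i].fwd++; return i; }
        if (reverse_dir(&flows[i].key, p)) { flows[i].rev++; return i; }
    }
    if (nflows == MAX_FLOWS) return -1;
    flows[nflows].key = *p;
    flows[nflows].fwd = 1;
    flows[nflows].rev = 0;
    return nflows++;
}

unsigned flow_fwd(int i) { return flows[i].fwd; }
unsigned flow_rev(int i) { return flows[i].rev; }
int flow_count(void) { return nflows; }

int main(void) {
    /* Constructed sample: 10.0.0.1 talks to 10.0.0.2 over TCP (6) and UDP (17). */
    struct pkt sample[] = {
        {0x0a000001, 0x0a000002, 40000, 80, 6},  /* client -> server */
        {0x0a000002, 0x0a000001, 80, 40000, 6},  /* reply, same flow */
        {0x0a000001, 0x0a000002, 40000, 80, 6},
        {0x0a000001, 0x0a000002, 40001, 53, 17}, /* new flow */
    };
    for (size_t i = 0; i < sizeof sample / sizeof sample[0]; i++)
        flow_update(&sample[i]);
    for (int i = 0; i < nflows; i++)
        printf("flow %d: %u forward, %u reverse\n", i, flows[i].fwd, flows[i].rev);
    return 0;
}
```

The linear scan keeps the comparison logic visible; for a large capture the same two comparisons would sit behind a hash of the tuple.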