Ethereal: Re: [Ethereal-users] tcpdump API

Ethereal-users: June 2001

Subject: Re: [Ethereal-users] tcpdump API
From: Guy Harris <gharris@xxxxxxxxx>
Date: Sun, 10 Jun 2001 11:55:40 -0700

On Sun, Jun 10, 2001 at 02:21:38PM +0300, Nawar, Hany Nader Soliman (Hany) wrote:
> I'd like to know if there is a set of APIs in the tcpdump and if yes, where
> is it and how to use it?
> In other words, how to write a program like ethereal, built on top of
> tcpdump.

Tcpdump doesn't have any APIs it exports for use by programs built atop
it.  The library it uses for packet capture is the same library Ethereal
uses for packet capture - libpcap - and it *does* have APIs, but they
only deliver raw packets to the program; the program has to do its own
work dissecting those packets.

Several years ago, some people at the University of Washington took
tcpdump and modified its code to build a Motif-based GUI packet analyzer
atop it; it doesn't appear to have had work done on it in over 7 years,
but it can be found at

	ftp://ftp.cac.washington.edu/pub/noc-tools/tcpview/

if you're curious.  Note that it's based on an over-7-year-old version
of tcpdump - which even predates the split of tcpdump into libpcap and
tcpdump - and, as such, is missing a lot of stuff that's currently in
tcpdump.

References:
- [Ethereal-users] tcpdump API
  - From: Nawar, Hany Nader Soliman (Hany)

Prev by Date: [Ethereal-users] tcpdump API
Next by Date: [Ethereal-users] Reconstructing a message
Previous by thread: [Ethereal-users] tcpdump API
Next by thread: [Ethereal-users] Reconstructing a message
Index(es):
- Date
- Thread