Hi there, I am working on signature based IDS, for this I have captured the TCP/IP traffic through Wireshark and got a pcap file, I want to extract some fields from the packet itself. How do I do this? I have been searching through the Internet and got the idea of installing libpcap library but I have found it difficult to install it properly. I am hoping that someone is going to help me in this regard, specially Mr. arunmagar
Web Spider 0 Newbie Poster
Banfa 597 Posting Pro Featured Poster
libpcap is just the library that enables you to capture the network traffic, if the data you are capturing is not a protocol that WireShark already handles then your only options are to extract the data by hand (i.e. copy it off the screen or export to a text format and do the maths required yourself) or write a plug-in for WireShark to handle your unknown protocol which is not an entirely trivial task.
L7Sqr 227 Practically a Master Poster
tshark is the command line version of wireshark. You can also use tcpdump depending on the platform. Each of these is easy to wrap around a script interface.
Be a part of the DaniWeb community
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.