Suggestions needed: C++ converting pcap files

December 30th, 2010, 09:17 PM
The pcap file type is the file generated by tcpdump or the Ethereal/Wireshark tool.

I am looking into writing a C++ method to open a pcap file, strip the header and output the data to a different file.

Any suggestions on how to start on this?????

To generate the tcpdump file - just run the tcpdump utility with the -w option.

# tcpdump -s 1514 port 80 -w capture_file

December 30th, 2010, 11:14 PM
Why does it have to be C++?

Is the capture file a binary one? I'm guessing that this would be very easy to do with a scripting language, Python or Perl for instance; they are pretty good at parsing files.

December 30th, 2010, 11:26 PM
I think the aircrack-ng package provides a tool for converting .ivs to .pcap and back (ivstools) (if not, sorry, I am maybe confusing it with another package or something)

EDIT: Yes it does!
ivstools manpage:

ivstools - extract IVs from a pcap file or merges several .ivs files
into one :)

December 31st, 2010, 12:41 AM
Yes it has to be in C++...

I am using libpcap to open the file -

pcap_t *handle;
handle = pcap_open_offline( argv[fnum], errorBuff);

Now I have to figure out how to loop through the file and separate header from data....

Fun I tell you... :confused:

December 31st, 2010, 10:01 AM
Why don't you

apt-get source aircrack-ng
to see how ivstools reads the pcap file?
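
Added example (not part of the original thread, and not libpcap or aircrack-ng code): one way to do the "strip the header and output the data" step in plain C++ by parsing the classic pcap layout directly, a 24-byte file header followed by records that each start with a 16-byte header. It assumes the classic pcap format (not pcapng); the names strip_pcap_headers, sample_capture and rejects are hypothetical, and the sample capture is constructed. A capture file is untrusted input, so the length field of every record is bounds-checked before any bytes are copied.

```cpp
#include <cstdint>
#include <stdexcept>
#include <vector>
using Bytes = std::vector<uint8_t>;

// Read a 32-bit field in the capture's byte order.
static uint32_t rd32(const uint8_t* p, bool big) {
    return big ? uint32_t(p[0]) << 24 | uint32_t(p[1]) << 16 | uint32_t(p[2]) << 8 | p[3]
               : uint32_t(p[3]) << 24 | uint32_t(p[2]) << 16 | uint32_t(p[1]) << 8 | p[0];
}
// Classic pcap magic numbers: microsecond and nanosecond timestamp variants.
static bool is_magic(uint32_t m) { return m == 0xa1b2c3d4u || m == 0xa1b23c4du; }

// Return packet bytes only: the 24-byte file header and each 16-byte
// record header are dropped. Throws on a malformed or truncated file.
Bytes strip_pcap_headers(const Bytes& f) {
    const size_t kFileHdr = 24, kRecHdr = 16;
    if (f.size() < kFileHdr) throw std::runtime_error("truncated file header");
    const bool big = is_magic(rd32(f.data(), true));
    if (!big && !is_magic(rd32(f.data(), false))) throw std::runtime_error("not a pcap file");
    const uint32_t snaplen = rd32(f.data() + 16, big);  // max bytes captured per packet
    Bytes out;
    for (size_t off = kFileHdr; off < f.size();) {
        if (f.size() - off < kRecHdr) throw std::runtime_error("truncated record header");
        const uint32_t incl = rd32(f.data() + off + 8, big);  // captured length
        off += kRecHdr;
        // Never trust the length field: bound it by snaplen and by the bytes left.
        // (The snaplen check is a strictness choice made for this example.)
        if (incl > snaplen || incl > f.size() - off) throw std::runtime_error("bad incl_len");
        out.insert(out.end(), f.begin() + off, f.begin() + off + incl);
        off += incl;
    }
    return out;
}

// Constructed sample: little-endian capture, snaplen 1514, two tiny "packets".
static void put32(Bytes& v, uint32_t x) { for (int i = 0; i < 4; ++i) v.push_back(uint8_t(x >> (8 * i))); }
Bytes sample_capture() {
    Bytes v;
    for (uint32_t x : {0xa1b2c3d4u, 0x00040002u, 0u, 0u, 1514u, 1u}) put32(v, x);  // file header
    for (const Bytes& p : {Bytes{0xde, 0xad, 0xbe, 0xef}, Bytes{0x01, 0x02}}) {
        for (uint32_t x : {0u, 0u, uint32_t(p.size()), uint32_t(p.size())}) put32(v, x);
        v.insert(v.end(), p.begin(), p.end());
    }
    return v;
}
// True when the parser refuses the input instead of reading past its end.
bool rejects(const Bytes& f) {
    try { strip_pcap_headers(f); return false; } catch (const std::runtime_error&) { return true; }
}
```

To use it on a real capture, read the file into a Bytes buffer in binary mode and write the returned vector to the output file.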