How to collect tcp and decode http information in c code?

I am working with libpcap to check for HTTP info. libpcap cannot build TCP segments. There are many corner cases for manual control. I also read the Wireshark source code. It's too big. Is there any open source that can collect TCP and process HTTP data in C?



3 answers

Previously hacked code driftnet, tcpflow, pcap, etc.

tcpflow can rebuild dumps, i.e. tcpdump. A "typical" work chain can be:

$ tcpdump -nnieth0 -w dump.raw
# dump dum dump
$ mkdir tmp && cd tmp
tmp/$ tcpflow -r ../dump.raw
# This joins the transfers into separate files
# Now one can investigate each transfer from those separate files
# Next join them to one:
tmp/$ cat * > ../dump.flow
tmp/$ cd ..
# Extract some data
$ foremost -i dump.flow


Trust me, you can find helpful lines in the source code for these.

HTTP Parser Library: HTTP Parser



The easiest way to do this is to download the opencap file or open it. After that, right click any package and go to "follow tcp stream" ... you will see your http details in the opened window.

If you want to create a program from scratch.

The pcap file structure for a tcp transaction looks something like this:
    for each packet
        [pcap_packet] - this contains the len info package
        [ip_header] - usually 20 or more
        [tcp_header] - usually 20 or more
        [package] - len stored in the pcap packet header

Now, to read the information, first get the pcap file in the stream pointer.
Read packet file header (google for different structure type).
Run loop:
    for each packet
        read pcap_phdr from file or stream
        add ip_hdr length offset and tcp hdr length,
        for example pointer = pointer + 20 (for ip) + 20 (for tcp)
        the pointer should now point to your data, so just read pcap_phdr.caplen number of bytes and print it character by character.
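
The loop described above, as an added C example (not code from this answer or from any project named on the page): it takes the header lengths from the IPv4 IHL and TCP data-offset fields instead of a fixed 20 + 20, skips the 14-byte Ethernet header that precedes the IP header in Ethernet captures, and checks every length against the bytes actually captured. Assumptions: a little-endian classic pcap file with Ethernet link type, IPv4 only, payloads appended in capture order with no reordering or retransmission handling; the function names and the sample capture are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Little-endian 32-bit read (classic pcap, magic 0xa1b2c3d4). */
static uint32_t le32(const uint8_t *p) { return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24; }

/* TCP payload of one Ethernet/IPv4 frame: returns its length, -1 if not TCP or malformed. */
long tcp_payload(const uint8_t *f, size_t caplen, const uint8_t **data) {
    if (caplen < 14 + 20 || f[12] != 0x08 || f[13] != 0x00) return -1;  /* EtherType IPv4 */
    const uint8_t *ip = f + 14;
    size_t ihl = (ip[0] & 0x0f) * 4, tot = (size_t)ip[2] << 8 | ip[3];
    if (ip[0] >> 4 != 4 || ihl < 20 || ip[9] != 6) return -1;           /* proto 6 = TCP */
    if (tot < ihl + 20 || 14 + tot > caplen) return -1;                 /* must fit the capture */
    size_t doff = (ip[ihl + 12] >> 4) * 4;                              /* TCP data offset */
    if (doff < 20 || ihl + doff > tot) return -1;
    *data = ip + ihl + doff;
    return (long)(tot - ihl - doff);
}
/* Append the TCP payload of every record to out; returns bytes copied, -1 on a bad file. */
long pcap_tcp_bytes(const uint8_t *buf, size_t len, uint8_t *out, size_t cap) {
    if (len < 24 || le32(buf) != 0xa1b2c3d4u || le32(buf + 20) != 1) return -1; /* 1 = Ethernet */
    size_t off = 24, n = 0;
    while (len - off >= 16) {
        size_t caplen = le32(buf + off + 8);     /* incl_len in the 16-byte record header */
        off += 16;
        if (caplen > len - off) return -1;       /* record claims more than the file holds */
        const uint8_t *d;
        long plen = tcp_payload(buf + off, caplen, &d);
        if (plen > 0 && (size_t)plen <= cap - n) { memcpy(out + n, d, (size_t)plen); n += (size_t)plen; }
        off += caplen;
    }
    return (long)n;
}
/* Constructed sample file: one frame whose IPv4 header has 4 option bytes (IHL = 6). */
size_t make_sample(uint8_t *b) {
    static const char req[] = "GET / HTTP/1.1\r\n";
    size_t plen = sizeof req - 1, tot = 24 + 20 + plen, cap = 14 + tot;
    memset(b, 0, 40 + cap);
    memcpy(b, "\xd4\xc3\xb2\xa1", 4); b[20] = 1;      /* magic, linktype */
    b[32] = b[36] = (uint8_t)cap;                       /* incl_len, orig_len */
    uint8_t *f = b + 40;
    f[12] = 0x08; f[14] = 0x46; f[17] = (uint8_t)tot; f[23] = 6;
    f[14 + 24 + 12] = 0x50;                             /* TCP data offset = 5 words */
    memcpy(f + 58, req, plen);
    return 40 + cap;
}
int main(void) {
    uint8_t file[256], out[64];
    long n = pcap_tcp_bytes(file, make_sample(file), out, sizeof out);
    return printf("%.*s", (int)n, (const char *)out) < 0;
}
```

With the sample frame, a fixed 20 + 20 offset from the start of the IP header would land four bytes before the payload, inside the TCP header.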



The smallest TCP/IP stack I know that is open source is uIP, but it is a bit weird as it is designed for extremely small systems (microcontrollers).

Another small open source TCP/IP stack that is slightly more traditional is lwIP.


