<div>
libpcap would indeed be my first choice for any type of sniffer. It's flexible enough to do pretty much anything you want (related to sniffing). And if it's not, the source is available to be modified ;)<br />
<br />
What you describe is pretty straightforward : read packets from the dump file using libpcap (or sniff them directly from the network), and then have your own code that interprets the contents of the packets however you need.
</div>


libpcap would indeed be my first choice for any type of sniffer. It's flexible enough to do pretty much anything you want (related to sniffing). And if it's not, the source is available to be modified ;)

What you describe is pretty straightforward : read packets from the dump file using libpcap (or sniff them directly from the network), and then have your own code that interprets the contents of the packets however you need.

<div>
Thanks for the swift reply. &nbsp;Yes thats what I've got planned out in my head.. but completely new to this. &nbsp;Could you show me some example code?..
</div>


Thanks for the swift reply.  Yes thats what I've got planned out in my head.. but completely new to this.  Could you show me some example code?..

<div>
Thank you, that has been a great help.
</div>


<div>
<div class="content wysiwyg-content">
Hi <br />
<br />
I'm in need of some advice. &nbsp;I have a tcp dump in which I need to write my own custom sniffer to detect any corrupt tcp packets. &nbsp;The tcpdump contains packets that I have modified to hide hidden data. &nbsp;This has been done by using a kernel module and protocol type handler (to clone the packet) to insert (&quot;hidden&quot;) data into the checksum field.<br />
<br />
Can anyone give me some advice in how I can design a program to detect this? &nbsp;Could I use libpcap? &nbsp;(im using linux ubuntu)<br />
<br />
<br />
Thanks
</div>
</div>


Hi 

I'm in need of some advice.  I have a tcp dump in which I need to write my own custom sniffer to detect any corrupt tcp packets.  The tcpdump contains packets that I have modified to hide hidden data.  This has been done by using a kernel module and protocol type handler (to clone the packet) to insert ("hidden") data into the checksum field.

Can anyone give me some advice in how I can design a program to detect this?  Could I use libpcap?  (im using linux ubuntu)


Thanks

how to analyze a tcpdump

C is a general-purpose, imperative computer programming language, supporting structured programming, lexical variable scope and recursion, while a static type system prevents many unintended operations. By design, C provides constructs that map efficiently to typical machine instructions, so it has found lasting use in applications that had formerly been coded in assembly language, including operating systems as well as various application software for computers ranging from supercomputers to embedded systems. It is distinct from C++ (which has its roots in C) and C#, and many later languages have borrowed directly or indirectly from C.

Programming includes both the specifics of the language you’re using, like Visual Basic, .NET, Java and others, but also the best practices in user experience and interfaces and the management of projects, version control and development. Other programming topics are related to web and cloud development and system and hardware programming.

Programming

A programming language is a formal constructed language designed to communicate instructions to a machine, particularly a computer. Thousands of different programming languages have been created, mainly in the computer field, and many more still are being created every year. The description of a programming language is usually split into the two components of syntax (form) and semantics (meaning). Some languages are defined by a specification document (for example, the C programming language is specified by an ISO Standard), while other languages (such as Perl) have a dominant implementation that is treated as a reference. Some languages have both, with the basic language defined by a standard and extensions taken from the dominant implementation being common.