codey-06
asked on
how to analyze a tcpdump
Hi
I'm in need of some advice. I have a tcp dump in which I need to write my own custom sniffer to detect any corrupt tcp packets. The tcpdump contains packets that I have modified to hide hidden data. This has been done by using a kernel module and protocol type handler (to clone the packet) to insert ("hidden") data into the checksum field.
Can anyone give me some advice on how I can design a program to detect this? Could I use libpcap? (I'm using Linux Ubuntu)
Thanks
What you describe is pretty straightforward: read packets from the dump file using libpcap (or sniff them directly from the network), and then have your own code that interprets the contents of the packets however you need.
ASKER
Thanks for the swift reply. Yes, that's what I've got planned out in my head, but I'm completely new to this. Could you show me some example code?
ASKER CERTIFIED SOLUTION
ASKER
Thank you, that has been a great help.
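The approach the reply above describes (read the capture, then let your own code inspect each packet) worked through as an added example; this is not code from the thread or from the certified solution. To stay dependency-free it parses the classic libpcap file format by hand rather than calling libpcap, and it verifies each IPv4/TCP segment by recomputing the TCP checksum over the pseudo-header and comparing it with the stored field. The two-packet capture it scans is constructed inside the block (one correct segment, one whose checksum field holds the planted value 0xBEEF); the addresses, ports and MACs are made up for the demonstration.

```python
"""Scan a classic pcap file for TCP segments whose checksum does not verify.

Added example, not from the thread. The pcap parsing is done by hand so the
script needs only the Python standard library; with libpcap bindings or scapy
the reading step changes but the checksum verification is identical.
"""
import struct
from typing import Dict, Iterator, List, Tuple

ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6
LINKTYPE_ETHERNET = 1


def ones_complement_sum(data: bytes) -> int:
    """16-bit one's complement sum (RFC 1071), as used by the IP and TCP checksums."""
    if len(data) % 2:
        data += b"\x00"                       # odd length: pad with a zero byte
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                        # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return total


def tcp_checksum(src_ip: bytes, dst_ip: bytes, segment: bytes) -> int:
    """Checksum of a TCP segment (header + payload) over the IPv4 pseudo-header."""
    pseudo = src_ip + dst_ip + struct.pack("!BBH", 0, IPPROTO_TCP, len(segment))
    zeroed = segment[:16] + b"\x00\x00" + segment[18:]   # checksum field sits at offset 16
    return (~ones_complement_sum(pseudo + zeroed)) & 0xFFFF


def iter_pcap_records(data: bytes) -> Iterator[Tuple[int, bytes]]:
    """Yield (link_type, frame_bytes) from a classic pcap image (not pcapng)."""
    (magic,) = struct.unpack("<I", data[:4])
    if magic == 0xA1B2C3D4:
        endian = "<"                          # file written little-endian
    elif magic == 0xD4C3B2A1:
        endian = ">"                          # file written big-endian
    else:
        raise ValueError("not a classic pcap file (magic %#x)" % magic)
    link_type = struct.unpack(endian + "IHHiIII", data[:24])[6]
    offset = 24
    while offset + 16 <= len(data):
        _sec, _usec, incl_len, _orig_len = struct.unpack(endian + "IIII", data[offset:offset + 16])
        offset += 16
        yield link_type, data[offset:offset + incl_len]
        offset += incl_len


def find_bad_tcp_checksums(pcap_bytes: bytes) -> List[Dict[str, int]]:
    """Return one finding per IPv4/TCP segment whose stored checksum is wrong."""
    findings = []
    for index, (link_type, frame) in enumerate(iter_pcap_records(pcap_bytes)):
        if link_type != LINKTYPE_ETHERNET or len(frame) < 34:
            continue
        if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
            continue
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        total_len = struct.unpack("!H", ip[2:4])[0]
        if ip[0] >> 4 != 4 or ihl < 20 or ip[9] != IPPROTO_TCP or len(ip) < total_len:
            continue                          # not IPv4/TCP, or truncated by snaplen: cannot verify
        segment = ip[ihl:total_len]
        if len(segment) < 20:
            continue
        stored = struct.unpack("!H", segment[16:18])[0]
        expected = tcp_checksum(ip[12:16], ip[16:20], segment)
        if stored != expected:
            findings.append({"packet": index, "stored": stored, "expected": expected})
    return findings


def build_ipv4_tcp_frame(src_ip: bytes, dst_ip: bytes, payload: bytes, checksum_override=None) -> bytes:
    """Construct an Ethernet/IPv4/TCP frame; the override plants a chosen checksum value."""
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 1, 5 << 4, 0x18, 65535, 0, 0) + payload
    csum = tcp_checksum(src_ip, dst_ip, tcp) if checksum_override is None else checksum_override
    tcp = tcp[:16] + struct.pack("!H", csum) + tcp[18:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0x4000, 64, IPPROTO_TCP, 0, src_ip, dst_ip)
    ip = ip[:10] + struct.pack("!H", (~ones_complement_sum(ip)) & 0xFFFF) + ip[12:]
    eth = b"\x02" * 6 + b"\x04" * 6 + struct.pack("!H", ETHERTYPE_IPV4)   # made-up MACs
    return eth + ip + tcp


def build_sample_pcap() -> bytes:
    """Constructed two-packet capture: a valid segment and one with a planted checksum."""
    src, dst = bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])        # constructed addresses
    frames = [
        build_ipv4_tcp_frame(src, dst, b"GET / HTTP/1.0\r\n\r\n"),
        build_ipv4_tcp_frame(src, dst, b"GET / HTTP/1.0\r\n\r\n", checksum_override=0xBEEF),
    ]
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    records = b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)
    return header + records


if __name__ == "__main__":
    for finding in find_bad_tcp_checksums(build_sample_pcap()):
        print("packet %(packet)d: stored checksum %(stored)#06x, expected %(expected)#06x" % finding)
```

Two caveats when running this over a real capture: a segment cut short by the capture snaplen cannot be verified at all (the script skips it rather than reporting a false mismatch), and a capture taken on the sending host may legitimately show wrong TCP checksums when the NIC does checksum offload, so a mismatch is only meaningful for traffic captured in transit or on the receiver.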