1
votes

I have written code that sniffs packets on the network. It then filters them according to the MAC address and stores them as a .pcap file. Now I want to add a function to the code that can read the .pcap file, or the object that holds the sniffed packets, and filter it again to get ARP packets.

I tried using the PCAP library's BPF function, but it doesn't help. Is there any other way this might work?

2 Answers

1
votes

If you want to do it all in Python, I've used dpkt before and it works well: https://code.google.com/p/dpkt/

I don't know if it supports BPFs though.

1
votes

Open the pcap file with pcap_open_offline(), compile the filter "arp" with pcap_compile(), set the filter on the pcap_t * to the resulting filter with pcap_setfilter(), and then read the packets from that pcap_t *.
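
The same ARP selection done without libpcap or dpkt, as an added example that is not part of either answer: a standard-library reader for the classic .pcap format that keeps frames whose EtherType is 0x0806. It assumes an Ethernet capture, uses hypothetical function names, runs on a constructed sample, and also looks past a single 802.1Q tag, which goes beyond the plain "arp" filter in the answer above.

```python
import struct

ETHERTYPE_ARP, ETHERTYPE_VLAN = 0x0806, 0x8100
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\x4d\x3c\xb2\xa1": "<",   # little-endian (us, ns)
          b"\xa1\xb2\xc3\xd4": ">", b"\xa1\xb2\x3c\x4d": ">"}   # big-endian (us, ns)

def read_pcap(stream):
    """Yield (ts_sec, ts_frac, frame) for each record of a classic pcap stream."""
    header = stream.read(24)
    endian = MAGICS.get(header[:4])
    if len(header) < 24 or endian is None:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    if struct.unpack(endian + "I", header[20:24])[0] & 0xFFFF != 1:
        raise ValueError("only LINKTYPE_ETHERNET (1) captures are handled")
    while True:
        rec = stream.read(16)
        if len(rec) < 16:
            return                      # clean end of file, or a cut-off record header
        ts_sec, ts_frac, incl_len, _orig_len = struct.unpack(endian + "4I", rec)
        frame = stream.read(incl_len)
        if len(frame) < incl_len:
            return                      # capture was truncated mid-packet
        yield ts_sec, ts_frac, frame

def is_arp(frame):
    """True if the Ethernet frame carries ARP, looking past one 802.1Q tag."""
    if len(frame) < 14:
        return False
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype == ETHERTYPE_VLAN and len(frame) >= 18:
        (ethertype,) = struct.unpack("!H", frame[16:18])
    return ethertype == ETHERTYPE_ARP

def arp_packets(stream):
    return [pkt for pkt in read_pcap(stream) if is_arp(pkt[2])]

def sample_capture():
    """Constructed capture: ARP-typed frame, IPv4-typed frame, VLAN-tagged ARP frame."""
    macs = b"\xff" * 6 + bytes.fromhex("020000000001")
    arp = macs + b"\x08\x06" + bytes(28)          # zeroed payloads, headers only matter here
    ipv4 = macs + b"\x08\x00" + bytes(20)
    vlan_arp = macs + b"\x81\x00\x00\x0a\x08\x06" + bytes(28)
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate((arp, ipv4, vlan_arp)):
        out += struct.pack("<4I", 1700000000 + i, 0, len(frame), len(frame)) + frame
    return out
```

Pass a file opened in binary mode (or an `io.BytesIO` around `sample_capture()`) to `arp_packets()`; each result is a `(ts_sec, ts_frac, frame)` tuple.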