libpcap read packet size

Question

I started to write an application which will read RTP/H.264 video packets from an existing .pcap file, I need to read the packet size. I tried to use packet->len or header->len, but it never displays the right number of bytes for packets (I'm using wireshark to verify packet size - under Length column). How to do it? This is part of my code:

while (packet = pcap_next(handle,&header)) {

  u_char *pkt_ptr = (u_char *)packet;
  struct ip *ip_hdr = (struct ip *)pkt_ptr; //point to an IP header structure 
  struct pcap_pkthdr  *pkt_hdr =(struct pcap_pkthdr *)packet;

  unsigned int packet_length = pkt_hdr->len;
  unsigned int ip_length = ntohs(ip_hdr->ip_len);
  printf("Packet # %i IP Header length: %d bytes, Packet length: %d bytes\n",pkt_counter,ip_length,packet_length);


Packet # 0 IP Header length: 180 bytes, Packet length: 104857664 bytes
Packet # 1 IP Header length: 52 bytes, Packet length: 104857600 bytes
Packet # 2 IP Header length: 100 bytes, Packet length: 104857600 bytes
Packet # 3 IP Header length: 100 bytes, Packet length: 104857664 bytes
Packet # 4 IP Header length: 52 bytes, Packet length: 104857600 bytes
Packet # 5 IP Header length: 100 bytes, Packet length: 104857600 bytes

Another option I tried is to use: pkt_ptr-> I get:

read_pcapfile.c:67:43: error: request for member ‘len’ in something not a structure or union

Yehia Yehia · Accepted Answer · 2013-07-01T11:13:39

2

votes

You should be using header.len.

unsigned int packet_length = header.len;

libpcap read packet size

2 Answers