2
votes

Libpcap helps to capture network packets and save them in '.pcap' files. I know how to do this, but how do I extract files from the payload? I want to analyze a pcap file, extract files (maybe using 'magic numbers'?), guess their extension and save these files so I can view them. If someone downloaded a PNG image I want to get image.png on my computer. I know I can use Wireshark or any other sniffer but my aim is to write my own one. The question is: how do I extract files from a pcap capture file?

C code will be much appreciated.

Notice: WinPcap is OK, but it would be better if the code was multiplatform.

2
You can view the packet in Wireshark - Khan
@Khan, I know, but I want to write my own lightweight packet sniffer. Wireshark works with lots of problems and slowdowns on Mac, so I wanna get a sniffer that works on every platform. Even on jailbroken iPhone. - ForceBru
Doesn't the pcap website/documentation tell you how to do that? - o_weisman
@o_weisman it's just about packet capturing but nothing else - ForceBru

2 Answers

1
votes

Well, you can use Wireshark to view the packet. The link below shows you how to make your own packet sniffer in C:

http://www.binarytides.com/packet-sniffer-code-c-linux/
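
As an added example (not code from the question, this answer or the linked tutorial), the C below reads the classic pcap file format directly instead of through libpcap, locates each TCP payload and searches it for file magic numbers to guess an extension. It assumes a little-endian pcap with Ethernet link type and does no TCP stream reassembly, so it reports which packets contain the start of a file rather than carving the whole file; the function names and the sample bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* File signatures ("magic numbers") and the extension each implies; extend as needed. */
static const struct { const char *ext, *sig; size_t n; } SIGS[] = {
    { "png", "\x89PNG\r\n\x1a\n", 8 }, { "jpg", "\xff\xd8\xff", 3 }, { "pdf", "%PDF-", 5 } };
static uint32_t le32(const uint8_t *p) { return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24; }
/* Extension of the first signature found anywhere in p[0..n), or NULL. */
const char *guess_ext(const uint8_t *p, size_t n) {
    for (size_t i = 0; i < n; i++)
        for (size_t s = 0; s < sizeof SIGS / sizeof SIGS[0]; s++)
            if (SIGS[s].n <= n - i && !memcmp(p + i, SIGS[s].sig, SIGS[s].n))
                return SIGS[s].ext;
    return NULL;
}
/* TCP payload of an Ethernet/IPv4 frame; NULL if not IPv4+TCP or a header overruns n. */
const uint8_t *tcp_payload(const uint8_t *f, size_t n, size_t *plen) {
    if (n < 54 || f[12] != 0x08 || f[13] != 0x00) return NULL;  /* EtherType 0x0800 */
    size_t ihl = (f[14] & 0x0f) * 4;                            /* IPv4 header length */
    if (f[14] >> 4 != 4 || ihl < 20 || f[23] != 6 || n < 34 + ihl) return NULL;
    size_t hdr = 14 + ihl + (f[26 + ihl] >> 4) * 4;             /* end of TCP header */
    if (hdr < 34 + ihl || hdr > n) return NULL;                 /* bad TCP data offset */
    *plen = n - hdr;
    return f + hdr;
}
/* Walk a little-endian pcap buffer; returns packets with a signature, -1 if not pcap/Ethernet. */
int scan_pcap(const uint8_t *b, size_t len, const char **ext) {
    if (len < 24 || le32(b) != 0xa1b2c3d4u || le32(b + 20) != 1) return -1;
    int hits = 0;
    for (size_t pos = 24, incl, plen; len - pos >= 16; pos += 16 + incl) {
        incl = le32(b + pos + 8);            /* captured bytes in this record */
        if (incl > len - pos - 16) break;    /* truncated capture file */
        const uint8_t *p = tcp_payload(b + pos + 16, incl, &plen);
        const char *e = p ? guess_ext(p, plen) : NULL;
        if (e) { *ext = e; hits++; }         /* *ext holds the last match */
    }
    return hits;
}

/* Constructed sample: one record, Ethernet/IPv4/TCP carrying "\r\n\r\n" + the PNG magic. */
static const uint8_t SAMPLE[] = {
    0xd4,0xc3,0xb2,0xa1, 2,0,4,0, 0,0,0,0, 0,0,0,0, 0xff,0xff,0,0, 1,0,0,0, /* file header */
    0,0,0,0, 0,0,0,0, 66,0,0,0, 66,0,0,0,               /* record header, incl_len 66 */
    0,0,0,0,0,0, 0,0,0,0,0,0, 0x08,0x00,                /* Ethernet, EtherType IPv4 */
    0x45,0,0,52, 0,0,0,0, 64,6,0,0, 10,0,0,1, 10,0,0,2, /* IPv4, protocol 6 */
    0,80,0xc0,0, 0,0,0,0, 0,0,0,0, 0x50,0x18,0xff,0xff, 0,0,0,0, /* TCP, data offset 5 */
    '\r','\n','\r','\n', 0x89,'P','N','G','\r','\n',0x1a,'\n' }; /* payload */
int main(void) { const char *e = NULL; return scan_pcap(SAMPLE, sizeof SAMPLE, &e) == 1 ? 0 : 1; }
```

To save a complete file, the payloads of one TCP connection have to be ordered by sequence number and concatenated before carving from the signature onward.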