How to Use libwireshark in C Program to Decode Network Packets?

+2 votes
518 views
posted Nov 6, 2015 by Amit Kumar Pandey


1 Answer

0 votes

Wireshark is an open source network packet analyzer.

It can capture, dissect, and decode various protocols. This helps Linux sysadmins troubleshoot network issues.

Apart from using wireshark as a standalone application for debugging network packets, you can also write your own extension or plugin using wireshark libraries for your custom application.

This tutorial explains how to use wireshark libraries to write custom code to debug network packets using a C example program.

The code explains two parts. First, to capture network packets. Second, to decode packets using libwireshark.

As a prerequisite, your system should have both libpcap and wireshark libraries installed.

To capture a packet, refer to How to Perform Packet Sniffing Using Libpcap with C Example Code.

You can also open an existing pcap file using the following API inside your C program:

pd = pcap_open_offline(pcap_path, errbuf);

Wireshark code uses its own dissection engine (epan module library) to dissect the network packets.

Refer here.

answer Nov 17, 2015 by Mohammed Hussain
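As an added example that is not part of the answer above and does not use libwireshark or libpcap: a small hand-written dissector for one Ethernet/IPv4/UDP frame, showing the per-layer length checking that any dissection engine has to perform before reading fields from untrusted capture data. The frame bytes, the `frame_info` type and the `dissect_frame` function are all constructed for this example.

```c
#include <stdint.h>
#include <stddef.h>

/* Fields recovered from one Ethernet/IPv4/UDP frame (constructed type). */
typedef struct {
    uint16_t ethertype;
    uint8_t  ip_proto;
    uint32_t src_ip, dst_ip;
    uint16_t src_port, dst_port, udp_len;
} frame_info;

static uint16_t be16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }
static uint32_t be32(const uint8_t *p) {
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
}

/* Returns 0 on success, a negative code for a truncated or unsupported layer.
 * Each layer is length-checked before any of its fields are read, so a short
 * or inconsistent frame is rejected instead of causing an out-of-bounds read. */
int dissect_frame(const uint8_t *buf, size_t len, frame_info *out) {
    if (len < 14) return -1;                    /* Ethernet header is 14 bytes */
    out->ethertype = be16(buf + 12);
    if (out->ethertype != 0x0800) return -2;    /* only IPv4 handled here */
    const uint8_t *ip = buf + 14; size_t rem = len - 14;
    if (rem < 20 || (ip[0] >> 4) != 4) return -3;
    size_t ihl = (ip[0] & 0x0f) * 4u;           /* header length incl. options */
    if (ihl < 20 || rem < ihl) return -3;
    size_t tot = be16(ip + 2);                  /* IPv4 total length */
    if (tot < ihl || tot > rem) return -3;      /* must fit inside the frame */
    out->ip_proto = ip[9];
    out->src_ip = be32(ip + 12); out->dst_ip = be32(ip + 16);
    if (out->ip_proto != 17) return -4;         /* only UDP handled here */
    const uint8_t *udp = ip + ihl; size_t urem = tot - ihl;
    if (urem < 8) return -5;                    /* UDP header is 8 bytes */
    out->src_port = be16(udp); out->dst_port = be16(udp + 2);
    out->udp_len = be16(udp + 4);
    if (out->udp_len < 8 || out->udp_len > urem) return -5;
    return 0;
}

/* Constructed sample frame: 10.0.0.1:53000 -> 10.0.0.2:53 carrying 4 bytes. */
const uint8_t sample_frame[] = {
    0x00,0x11,0x22,0x33,0x44,0x55, 0x66,0x77,0x88,0x99,0xaa,0xbb, 0x08,0x00, /* Ethernet */
    0x45,0x00,0x00,0x20, 0x00,0x01,0x00,0x00, 0x40,0x11,0x00,0x00,            /* IPv4 */
    0x0a,0x00,0x00,0x01, 0x0a,0x00,0x00,0x02,
    0xcf,0x08, 0x00,0x35, 0x00,0x0c, 0x00,0x00,                                /* UDP */
    0xde,0xad,0xbe,0xef };                                                     /* payload */
```

Feeding `dissect_frame` a frame truncated part-way through a layer returns the negative code for that layer rather than reading past the buffer, which is the property a real dissector is fuzzed for.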
Similar Questions
0 votes

My application builds fine with -flto, but only if I do not also specify -std=c99.

If someone can help me, that would be wonderful. I have created a very simple test, below, to demonstrate the problem.

main.c:

#include <stdio.h>
#include <stdlib.h>
#include "foo.h"
int main(int argc, char** argv) {
 if (argc < 2) return 1; /* need one numeric argument */
 int input = atoi(argv[1]);
 printf("%d\n", foo(input));
 return 0;
}

foo.h:

inline int foo(int x);

foo.c:

#include "foo.h"
inline int foo(int x) {
 while (x < 900) {
 x += x;
 }
 return x;
}

Makefile:

CFLAGS += -flto -std=c99
LDFLAGS += -flto -std=c99

main : main.o foo.o
main.o : main.c foo.h
foo.o : foo.c foo.h

.PHONY : clean

clean :
 $(RM) main main.o foo.o

Results of running make:

cc -flto -std=c99 -c -o main.o main.c

In file included from main.c:3:0:

foo.h:1:12: warning: inline function 'foo' declared but never defined [enabled by default]
 inline int foo(int x);
 ^
foo.h:1:12: warning: inline function 'foo' declared but never defined [enabled by default]
cc -flto -std=c99 -c -o foo.o foo.c
cc -flto -std=c99 main.o foo.o -o main
/tmp/ccTDIBGZ.ltrans0.ltrans.o:ccTDIBGZ.ltrans0.o:function main: error: undefined reference to 'foo'
collect2: error: ld returned 1 exit status
make: *** [main] Error 1

Without the -std=c99 flags, make runs successfully and without warnings.

...