
Can I use PHP to look for http requests and response in a '.pcap' file that was generated by Tcpdump?


I have '.pcap' files that were generated by Tcpdump. I have been looking for a way with PHP to read data in the files. I have tried several methods available, but the only thing I was able to see was that there were some number of packets with a timestamp against each packet. I tried to read further but it was all in some binary.

Just wanted to ask if anyone out there has experience with packet capture. It would be a great help.

I have tried these methods so far: https://github.com/zobo/php-pcap https://code.google.com/a/eclipselabs.org/p/php-pcap-analyzer/ and http://systemsarchitect.net/parsing-binary-data-in-php-on-an-example-with-the-pcap-format/ http://systemsarchitect.net/

Thanks in advance :)


Solution

  • I was able to see HTTP requests from my client machine to the internet by using PHP's unpack() function and fread() combined. The libraries mentioned above are also useful to retrieve other information, for example the IP addresses of the client and server machines with timestamps.

    But I wasn't able to read the responses. That is because the data returned from internet servers to the remote client is encrypted and PHP is not a good technology to retrieve this data.
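
The fread() plus unpack() approach mentioned in the answer, as an added example that is not part of the original post or of the libraries linked above. It assumes a classic pcap file (not pcapng) with Ethernet framing, IPv4 and no VLAN tags; the function name and the sample capture are constructed for illustration. It matches HTTP request and status lines only when they sit at the start of a TCP segment in cleartext, so TLS-protected traffic yields no matches.

```php
<?php
// Added example. Assumes 64-bit PHP >= 7.1; no TCP stream reassembly is done.
function httpStartLines(string $path): array
{
    $fh = fopen($path, 'rb');
    if ($fh === false) throw new RuntimeException("cannot open $path");
    $global = (string) fread($fh, 24);          // pcap global header
    $magic = strlen($global) === 24 ? unpack('V', $global)[1] : 0;
    if ($magic === 0xa1b2c3d4) {
        $u32 = 'V';                             // little-endian writer
    } elseif ($magic === 0xd4c3b2a1) {
        $u32 = 'N';                             // big-endian writer
    } else {
        throw new RuntimeException('not a classic microsecond pcap file');
    }
    // Link type lives at offset 20 of the global header; 1 = Ethernet.
    if (unpack($u32, $global, 20)[1] !== 1) throw new RuntimeException('link type is not Ethernet');
    $found = [];
    $re = '#^(?:(?:GET|POST|HEAD|PUT|DELETE|OPTIONS|PATCH) \S+ HTTP/1\.[01]|HTTP/1\.[01] \d{3}[^\r\n]*)#';
    while (strlen($rec = (string) fread($fh, 16)) === 16) {  // per-packet record header
        $h = unpack("{$u32}sec/{$u32}usec/{$u32}incl/{$u32}orig", $rec);
        if ($h['incl'] < 1 || $h['incl'] > 262144) break;   // sanity bound: corrupt record
        $pkt = (string) fread($fh, $h['incl']);
        if (strlen($pkt) < $h['incl']) break;               // truncated file
        // EtherType at offset 12 must be IPv4 (0x0800).
        if (strlen($pkt) < 34 || unpack('n', $pkt, 12)[1] !== 0x0800) continue;
        $ihl = (ord($pkt[14]) & 0x0f) * 4;                  // IPv4 header length in bytes
        $tcp = 14 + $ihl;                                   // start of TCP header
        if ($ihl < 20 || ord($pkt[23]) !== 6 || strlen($pkt) < $tcp + 20) continue;
        $p = unpack('nsrc/ndst', $pkt, $tcp);
        // TCP data offset (high nibble of byte 12) gives the payload start.
        $payload = substr($pkt, $tcp + (ord($pkt[$tcp + 12]) >> 4) * 4);
        if (preg_match($re, $payload, $m)) {
            $found[] = [$h['sec'], $p['src'], $p['dst'], $m[0]];
        }
    }
    fclose($fh);
    return $found;
}
// Constructed sample capture: one Ethernet/IPv4/TCP packet with an HTTP request.
$body = "GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n";
$pkt = str_repeat("\x00", 12) . "\x08\x00"
    . pack('CCnnnCCnNN', 0x45, 0, 40 + strlen($body), 0, 0, 64, 6, 0, 0x0a000001, 0x0a000002)
    . pack('nnNNCCnnn', 49152, 80, 0, 0, 0x50, 0x18, 65535, 0, 0) . $body;
$file = tempnam(sys_get_temp_dir(), 'pcap');
file_put_contents($file, pack('VvvVVVV', 0xa1b2c3d4, 2, 4, 0, 0, 65535, 1)
    . pack('VVVV', 1700000000, 0, strlen($pkt), strlen($pkt)) . $pkt);
foreach (httpStartLines($file) as [$ts, $sport, $dport, $line]) {
    echo gmdate('c', $ts), " $sport -> $dport  $line\n";
}
unlink($file);
```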