I'm currently learning about TCP and packets. I'm working in the C programming language, and I understand how the pcap library can be used to sniff traffic on my computer. But can pcap be used to parse and read through a trace file as well? I need to track the TCP state information from a given trace file.
In a nutshell, I'm curious how I can go about opening a trace file with pcap to parse through it? If someone could get me moving towards the right direction, it would be greatly appreciated!
But can pcap be used to parse and read through a trace file as well?
Yes. Most of the APIs you'd use are the same, but you'd use pcap_open_offline() to open a file rather than using pcap_open_live(), or pcap_create() and pcap_activate(), to open a device for a live capture.
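An added example (not part of the question or the answer above) of the per-packet step that would sit inside a pcap_open_offline() read loop to follow TCP state. It assumes an Ethernet link type, IPv4 and a single connection in the trace; the function and state names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
/* Wiring with libpcap (shown as a comment, not compiled here):
 *   pcap_t *p = pcap_open_offline(path, errbuf);   // check pcap_datalink(p) == DLT_EN10MB
 *   while (pcap_next_ex(p, &hdr, &data) == 1)
 *       st = tcp_next(st, tcp_flags(data, hdr->caplen));  */
enum { F_FIN = 0x01, F_SYN = 0x02, F_RST = 0x04, F_ACK = 0x10 };
enum tcp_state { ST_NONE, ST_SYN_SEEN, ST_SYNACK_SEEN, ST_ESTABLISHED,
                 ST_FIN_SEEN, ST_CLOSED, ST_RESET };

/* Flag byte of an Ethernet/IPv4/TCP frame, or -1 if truncated or not TCP.
 * Every offset is checked against caplen: a trace file is untrusted input. */
int tcp_flags(const uint8_t *pkt, size_t caplen)
{
    if (caplen < 14 + 20) return -1;                    /* Ethernet + min IPv4 */
    if (pkt[12] != 0x08 || pkt[13] != 0x00) return -1;  /* EtherType IPv4 */
    const uint8_t *ip = pkt + 14;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;            /* IPv4 header length */
    if ((ip[0] >> 4) != 4 || ihl < 20 || ip[9] != 6) return -1; /* 6 = TCP */
    if ((((ip[6] & 0x1f) << 8) | ip[7]) != 0) return -1; /* non-first fragment */
    if (caplen < 14 + ihl + 20) return -1;              /* min TCP header */
    return ip[ihl + 13];                                /* TCP flags byte */
}

/* Simplified tracker: direction and sequence numbers are ignored. */
enum tcp_state tcp_next(enum tcp_state s, int fl)
{
    if (fl < 0) return s;                /* unparsable packet: no change */
    if (fl & F_RST) return ST_RESET;
    switch (s) {
    case ST_NONE:        return (fl & F_SYN) && !(fl & F_ACK) ? ST_SYN_SEEN : s;
    case ST_SYN_SEEN:    return (fl & F_SYN) && (fl & F_ACK) ? ST_SYNACK_SEEN : s;
    case ST_SYNACK_SEEN: return (fl & F_ACK) && !(fl & F_SYN) ? ST_ESTABLISHED : s;
    case ST_ESTABLISHED: return (fl & F_FIN) ? ST_FIN_SEEN : s;
    case ST_FIN_SEEN:    return (fl & F_FIN) ? ST_CLOSED : s;
    default:             return s;
    }
}

/* Constructed sample input: replay n flag bytes as minimal 54-byte frames. */
enum tcp_state replay(const uint8_t *flags, size_t n, size_t caplen)
{
    enum tcp_state st = ST_NONE;
    for (size_t i = 0; i < n; i++) {
        uint8_t f[54] = {0};
        f[12] = 0x08; f[14] = 0x45; f[23] = 6; f[46] = 0x50; f[47] = flags[i];
        st = tcp_next(st, tcp_flags(f, caplen));
    }
    return st;
}
```

Pass caplen rather than the header's len field, since a capture taken with a short snapshot length stores fewer bytes than were on the wire.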