<div>What are you looking for, exactly? If it's the same protocol each time, that would help matters.</div>
<div> </div>
<div>Chris<br><br> </div>
<div><span class="gmail_quote">On 4/19/06, <b class="gmail_sendername"><a onclick="return top.js.OpenExtLink(window,event,this)" href="mailto:shauli.rozen@gmail.com" target="_blank">shauli.rozen@gmail.com</a></b> <<a onclick="return top.js.OpenExtLink(window,event,this)" href="mailto:shauli.rozen@gmail.com" target="_blank">
shauli.rozen@gmail.com</a>> wrote: </span>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">
<div style="DIRECTION: ltr">
<div>you might also want to assemble the TCP stream.</div>
<div>You can do that using the source/dest IP addresses and ports.</div>
<div>and hold a list of all connections.</div>
<div> </div>
<div>I think you can also use libnids for that.<br><br> </div></div>
<div style="DIRECTION: ltr"><span>
<div><span class="gmail_quote">On 4/19/06, <b class="gmail_sendername">Ramiro Polla</b> <<a onclick="return top.js.OpenExtLink(window,event,this)" href="mailto:ramiro86@hotmail.com" target="_blank">ramiro86@hotmail.com
</a>> wrote:</span>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">Hello,<br><br>First you must remember that the string you're looking for might be divided<br>between packets, because winpcap does not reconstruct streams.
<br><br>After you have a packet (probably with pcap_next_ex), look at the examples<br>in winpcap's documentation that show how to get the TCP or UDP information,<br>and pass that data to a function that searches what you're looking for. If
<br>the string is found, capture it.<br><br>That function might be something like:<br><br>int look_for_string( char* data, int len )<br>{<br>int i;<br>char search_string = "look for this string";<br>if( len < sizeof(search_string) )
<br>return FALSE;<br>for( i = 0 ; i < ( len - sizeof(search_string) ) ; i++ )<br>{<br>if( !strcmp( buf+i, search_string ) )<br> return TRUE;<br>}<br>return FALSE;<br>}<br><br>>From: joe kibz <<a onclick="return top.js.OpenExtLink(window,event,this)" href="mailto:chikabanga2005@yahoo.com" target="_blank">
chikabanga2005@yahoo.com</a>><br>>Reply-To: <a onclick="return top.js.OpenExtLink(window,event,this)" href="mailto:winpcap-users@winpcap.org" target="_blank">winpcap-users@winpcap.org</a><br>>To: <a onclick="return top.js.OpenExtLink(window,event,this)" href="mailto:winpcap-users@winpcap.org" target="_blank">
winpcap-users@winpcap.org</a><br>>Subject: [Winpcap-users] Re: filtering traffic using payload contents <br>>Date: Wed, 19 Apr 2006 06:59:02 -0700 (PDT)<br>><br>>Hi, i gotta problem ;<br>><br>> My application needs to :
<br>> -capture traffic<br>> -look for given string in payload <br>>contents*<br>> -capture packets that have given string
<br>>in payload<br>><br>> My question is how do you -** look for given string in payload<br>>contents** ?<br>><br>><br>> joe<br>><br>><br>>---------------------------------<br>>How low will we go? Check out Yahoo! Messenger's low PC-to-Phone call
<br>>rates.<br><br><br>>_______________________________________________ <br>>Winpcap-users mailing list<br>><a onclick="return top.js.OpenExtLink(window,event,this)" href="mailto:Winpcap-users@winpcap.org" target="_blank">
Winpcap-users@winpcap.org</a><br>><a onclick="return top.js.OpenExtLink(window,event,this)" href="https://www.winpcap.org/mailman/listinfo/winpcap-users" target="_blank">https://www.winpcap.org/mailman/listinfo/winpcap-users
</a><br><br><br>_______________________________________________<br>Winpcap-users mailing list<br><a onclick="return top.js.OpenExtLink(window,event,this)" href="mailto:Winpcap-users@winpcap.org" target="_blank">Winpcap-users@winpcap.org
</a><br><a onclick="return top.js.OpenExtLink(window,event,this)" href="https://www.winpcap.org/mailman/listinfo/winpcap-users" target="_blank">https://www.winpcap.org/mailman/listinfo/winpcap-users</a><br></blockquote></div>
<br></span></div><br>_______________________________________________<br>Winpcap-users mailing list<br><a onclick="return top.js.OpenExtLink(window,event,this)" href="mailto:Winpcap-users@winpcap.org" target="_blank">Winpcap-users@winpcap.org
</a><br><a onclick="return top.js.OpenExtLink(window,event,this)" href="https://www.winpcap.org/mailman/listinfo/winpcap-users" target="_blank">https://www.winpcap.org/mailman/listinfo/winpcap-users</a><br><br><br></blockquote>
</div><br>