Comment by colechristensen
1 day ago
>It feels magical to have a 3-page C program sitting over libpcap giving reports in milliseconds that would take wireshark minutes.
Any demos available of something like this?
1 day ago
Sadly proprietary, but the core of it was to open a file with pcap_open_offline() [0], and then call pcap_next() from a loop and read a few bits out of the packet buffer. With NVMe disks, the information I needed was instantaneous for a 10M packet file.
[0] https://manpages.debian.org/stretch/libpcap0.8-dev/pcap_open...
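A sketch of the loop described in the reply above, added here as an example and not the poster's code. To run without libpcap installed it walks the classic pcap record layout by hand over an in-memory buffer; with libpcap, pcap_next() would supply the same packet pointer and captured length. `tally_ip_protos`, `rd32`, `REC` and `SAMPLE` are hypothetical names, and the capture bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: classic pcap, little-endian, Ethernet, 3 packets cut to 24 bytes. */
#define REC(proto) 0,0,0,0, 0,0,0,0, 24,0,0,0, 60,0,0,0, /* ts, caplen, orig len */ \
    0,0,0,0,0,0, 0,0,0,0,0,0, 0x08,0x00,                 /* MACs, ethertype IPv4 */ \
    0x45,0,0,40, 0,0,0,0, 64,(proto)                     /* first 10 IPv4 bytes  */
static const uint8_t SAMPLE[] = {
    0xd4,0xc3,0xb2,0xa1, 2,0,4,0, 0,0,0,0, 0,0,0,0, 0xff,0xff,0,0, 1,0,0,0,
    REC(6), REC(17), REC(6) };

/* Read a 32-bit field in the file's byte order (be = big-endian writer). */
static uint32_t rd32(const uint8_t *p, int be) {
    return be ? (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3]
              : (uint32_t)p[3] << 24 | (uint32_t)p[2] << 16 | (uint32_t)p[1] << 8 | p[0];
}

/* Tally IPv4 protocol numbers. Returns packets read, or -1 if the buffer
 * is not a classic Ethernet pcap. Stops cleanly at a truncated last record. */
long tally_ip_protos(const uint8_t *buf, size_t len, uint32_t counts[256]) {
    if (len < 24) return -1;
    uint32_t magic = rd32(buf, 0);
    int be = (magic == 0xd4c3b2a1u);
    if (!be && magic != 0xa1b2c3d4u) return -1;
    if (rd32(buf + 20, be) != 1) return -1;        /* linktype 1 = Ethernet */
    long n = 0;
    size_t off = 24;
    while (len - off >= 16) {                      /* room for a record header */
        uint32_t caplen = rd32(buf + off + 8, be);
        off += 16;
        if (caplen > len - off) break;             /* capture cut off mid-record */
        const uint8_t *pkt = buf + off;            /* what pcap_next() would return */
        if (caplen >= 24 && pkt[12] == 0x08 && pkt[13] == 0x00)
            counts[pkt[23]]++;                     /* IPv4 protocol byte */
        off += caplen;
        n++;
    }
    return n;
}

int main(void) {
    uint32_t counts[256] = {0};
    long n = tally_ip_protos(SAMPLE, sizeof SAMPLE, counts);
    printf("%ld packets: tcp=%u udp=%u\n", n, (unsigned)counts[6], (unsigned)counts[17]);
    return 0;
}
```

The bounds checks on the captured length matter when the file comes from an untrusted source, since the length field is attacker-controlled.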